When you are tracking down a host with your Cisco NetFlow reporting tool, it sometimes helps to think in terms of Source or Destination. That is, are you looking for the host creating the traffic or the host receiving it?
Below are the top Internet hosts we are receiving traffic from on our T-1 for the last 5 minutes. Notice: Inbound & Src.
I want to know who is sending data to the host 8.12.216.124. I click on the Search tool in Scrutinizer and enter the IP address.
Notice above that, because I searched all the routers and switches sending NetFlow or sFlow, the search found the host on four different pieces of equipment.
PLXSW3 is an sFlow switch on the periphery of our network. I’m looking for the Source host sending data to the Destination 8.12.216.124, so above I selected the Dst report. Basically, I want an sFlow analysis report showing me the Sources sending data to the Destination 8.12.216.124.
Below, I drilled in for details and did some network traffic analysis. I know we blog a lot about NetFlow, but sFlow ROCKS as well.
Above, you can see that mixmastermitch’s PC (i.e. the Source) is sending the data to the Destination 8.12.216.124. I also know that Mitch is plugged in on port 2. Should we turn his port off?
🙂
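The Dst report walked through above, sketched as an added example (not Scrutinizer's code and not part of the original post): filter flow records on the destination, restrict to one exporter so the same conversation is not counted once per device that saw it, group by source and input port, and scale sFlow samples by the sampling rate. The records, the exporter names other than PLXSW3, the internal addresses and the sampling rates are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (exporter, input_port, src, dst, bytes, sampling_rate).
# sampling_rate is 1 for unsampled NetFlow and N for 1-in-N sFlow sampling.
FLOWS = [
    ("PLXSW3", 2,  "10.1.4.23",    "8.12.216.124", 1400,    512),
    ("PLXSW3", 2,  "10.1.4.23",    "8.12.216.124", 600,     512),
    ("PLXSW3", 7,  "10.1.4.40",    "8.12.216.124", 200,     512),
    ("PLXSW3", 2,  "10.1.4.23",    "192.0.2.10",   900,     512),
    ("RTR-A",  1,  "10.1.4.23",    "8.12.216.124", 1000000, 1),
    ("SW-B",   12, "10.1.4.23",    "8.12.216.124", 2000,    256),
    ("SW-C",   3,  "8.12.216.124", "10.1.4.23",    300,     256),
]


def exporters_seeing(flows, ip):
    """Devices that reported the host as either source or destination."""
    return sorted({exp for exp, _, src, dst, _, _ in flows if ip in (src, dst)})


def dst_report(flows, dst_ip, exporter):
    """Sources sending to dst_ip as seen by one exporter, largest first.

    Returns [((exporter, input_port, src), estimated_bytes), ...].
    """
    totals = defaultdict(int)
    for exp, port, src, dst, nbytes, rate in flows:
        if exp != exporter or dst != dst_ip:
            continue  # wrong device, or the host is not the Destination
        # Sampled bytes are scaled up to an estimate of the real volume.
        totals[(exp, port, src)] += nbytes * rate
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    target = "8.12.216.124"
    print("seen on:", exporters_seeing(FLOWS, target))
    for (exp, port, src), est in dst_report(FLOWS, target, "PLXSW3"):
        print(f"{exp} port {port}: {src} -> {target} ~{est} bytes")
```

Running the report on the edge switch rather than summing across all four exporters is what ties the source to a physical port.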