Differences between revisions 2 and 3

IP Flow Monitor

IP Flows is data a network device exports on the Flows flowing through it, it does not contain the actual data, just a summary of the data flowing.

Cisco Flow setup

Enable flows with
- ip flow-export destination 10.10.240.31 3121
SRC Ip to use for export records
- ip flow-export source Loopback0
ip flow-cache timeout active 1

ip route-cache flow

display and filter example. grep out IP's we dont want to see, match udp $4==17, and then filter out port 123 ntp.

flow-cat ft-v05.2016-07* | flow-print | grep -v "10.100\|10.10.240\|10.67.0.8\|196.214.71.234\|10.100.81" |\
 awk -F, 'BEGIN {FS=" "} { if ( ( $1 ~ /10.90/ || $2 ~ /10.90/ ) && $3 == "17" && $4 != "123") print $0 }'

...

CategoryCisco

-  ⇤ ← Revision 2 as of 2015-05-03 18:18:17 → 
  Size: 476
  Editor: PieterSmit
  Comment: Fix page
+   ← Revision 3 as of 2016-07-05 11:53:38 → ⇥
  Size: 828
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 15:
+ * display and filter example.  grep out IP's we dont want to see, match udp $4==17, and then filter out port 123 ntp.
   {{{
flow-cat ft-v05.2016-07* | flow-print | grep -v "10.100\|10.10.240\|10.67.0.8\|196.214.71.234\|10.100.81" |\
 awk -F, 'BEGIN {FS=" "} { if ( ( $1 ~ /10.90/ || $2 ~ /10.90/ ) && $3 == "17" && $4 != "123") print $0 }'
   }}}