How to analyze the contents of packets using NetFlow?
The initial task is to analyze the content of traffic remotely from a Cisco router.
I googled that Cisco can write to pcap format using capture (starting from some IOS version) to a file locally, or netflow to a remote collector. I became interested in netflow technology.
While I don't have a Cisco yet, I'm practicing on a Mikrotik; I chose netflow v9. The collector and analyzer are on Ubuntu 14.04. But so far I've only been able to capture the headers of the packets, not all of their contents. I tried to use nfcapd+nfdump and googled some more: tcpdump -n -s 0 -vvv port 2055
But still I see only the headers and not the whole packet. How do I solve this?
What exactly do you want to pull out of the packet?
Netflow allows you to receive
Most likely, you need to look at setting up Port Monitoring (SPAN) on Cisco and, accordingly, software that can work with it.
Netflow is used to analyze traffic that was transmitted from one device to another; the data itself is not included in it. To analyze the traffic itself passing through the router, you need to mirror the traffic, see www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_...
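To make the point above concrete, here is an added example (not from the question or any of the answers): a minimal Python parser for a NetFlow v9 export datagram, run against a constructed export packet. The field type IDs are the RFC 3954 values; the addresses, ports and counters are made-up sample values.

```python
import socket
import struct

# NetFlow v9 field type IDs (RFC 3954); only the ones this constructed example uses
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
               8: "src_addr", 11: "dst_port", 12: "dst_addr"}

def parse_netflow_v9(data):
    """Parse one NetFlow v9 export datagram into a list of flow-record dicts."""
    version, _count, _uptime, _secs, _seq, _source_id = struct.unpack("!HHIIII", data[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, records, pos = {}, [], 20
    while pos + 4 <= len(data):
        flowset_id, length = struct.unpack("!HH", data[pos:pos + 4])
        if length < 4:
            raise ValueError("malformed FlowSet length")
        body = data[pos + 4:pos + length]
        if flowset_id == 0:  # template FlowSet: template id, field count, (type, len) pairs
            off = 0
            while off + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[off:off + 4])
                pairs = struct.unpack("!" + "HH" * nfields, body[off + 4:off + 4 + 4 * nfields])
                templates[tid] = list(zip(pairs[0::2], pairs[1::2]))
                off += 4 + 4 * nfields
        elif flowset_id in templates:  # data FlowSet decoded with a previously seen template
            fields = templates[flowset_id]
            rec_len, off = sum(flen for _, flen in fields), 0
            while rec_len and off + rec_len <= len(body):  # trailing bytes < rec_len are padding
                rec = {}
                for ftype, flen in fields:
                    raw, off = body[off:off + flen], off + flen
                    name = FIELD_NAMES.get(ftype, "field_%d" % ftype)
                    rec[name] = socket.inet_ntoa(raw) if ftype in (8, 12) else int.from_bytes(raw, "big")
                records.append(rec)
        pos += length
    return records

def build_sample_datagram():
    """Constructed export (not a real capture): one template and one TCP flow record."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    template = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    template_fs = struct.pack("!HH", 0, 4 + len(template)) + template
    record = (socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.20")
              + struct.pack("!HHBII", 51234, 443, 6, 5120, 8))
    pad = b"\x00" * (-(4 + len(record)) % 4)  # FlowSets are padded to a 4-byte boundary
    data_fs = struct.pack("!HH", 256, 4 + len(record) + len(pad)) + record + pad
    header = struct.pack("!HHIIII", 9, 2, 123456, 1700000000, 1, 0)
    return header + template_fs + data_fs

if __name__ == "__main__":
    for rec in parse_netflow_v9(build_sample_datagram()):
        print(rec)  # 5-tuple and counters only; no payload bytes are carried
```

The whole 84-byte export summarizes a flow of 5120 bytes as addresses, ports, protocol and counters, which is why a collector listening on UDP 2055 will never show packet contents.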
imho if it is possible to do this on the switch (via span), it is better to do it there.
What is the end goal? If this is a security issue, then Cisco ASA can look into the payload of the packet. You can set up the necessary application policies and enjoy life. Specify the task and it will be easier to help you...
By the way, embedded packet capture allows you to store pcap not only locally, but also to save it centrally via the tftp, ftp, http/https and scp protocols. Just keep in mind that this functionality will put additional load on the CPU of your hardware.