Cisco Identity Services Engine 1.3 Design Guide
© 2015 Cisco Systems, Inc.
Secure Access How-To Guide
The key attributes highlighted in red include:
• EndPointSource = NetFlow Probe
• IPV4_DST_ADDR = 173.37.144.208 (cisco.com)
• IPV4_SRC_ADDR = 10.1.10.100 (win7-pc)
• L4_DST_PORT = 80 (HTTP)
• L4_SRC_PORT = 53149
• PROTOCOL = 6 (TCP)
If you use the flow capture statements, you can see the following additional attributes:
• DST_VLAN/SRC_VLAN
• IN_SRC_MAC/OUT_DST_MAC
• MAX_TTL/MIN_TTL
To verify that NetFlow data is being collected, you can use the show ip cache flow and show mls netflow ip commands. The following example uses the show ip cache flow command:
cat6503#show ip cache flow
-------------------------------------------------------------------------------
Displaying software-switched flow entries on the MSFC in Module 1:
IP packet size distribution (348128 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.548 .342 .077 .005 .000 .000 .000 .000 .000 .000 .015 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .007 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
2 active, 4094 inactive, 15760 added
251284 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33992 bytes
6 active, 1018 inactive, 47280 added, 15760 added to flow
0 alloc failures, 2775 force free
1 chunk, 24 chunks added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 44 0.0 91 42 0.0 14.4 7.8
TCP-WWW 1361 0.0 22 45 0.0 0.0 14.2
TCP-other 1602 0.0 25 51 0.0 0.1 13.6
UDP-DNS 128 0.0 1 70 0.0 0.0 15.4
UDP-NTP 1375 0.0 1 76 0.0 0.0 15.5
UDP-other 2880 0.0 3 338 0.0 3.8 15.4
ICMP 6985 0.0 34 30 0.0 0.4 13.4
IP-other 1383 0.0 13 65 0.0 58.3 2.0
Total: 15758 0.0 22 46 0.0 6.0 13.0
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi2/47 10.1.50.2 Null 224.0.0.10 58 0000 0000 4
Gi2/47 10.1.13.1 Null 10.1.100.7 11 0043 0043 3
-------------------------------------------------------------------------------
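The Pr, SrcP and DstP columns of show ip cache flow are printed in hexadecimal, while the attributes listed earlier (PROTOCOL = 6, L4_DST_PORT = 80) are decimal. The following added example, which is not part of the original guide, parses the flow entries into those attribute names so the switch view can be compared with what the NetFlow probe reports; the function names are hypothetical and the sample input is the two flow entries from the output above.

```python
import re

# Constructed sample: header plus the two flow-entry lines from the output above.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi2/47 10.1.50.2 Null 224.0.0.10 58 0000 0000 4
Gi2/47 10.1.13.1 Null 10.1.100.7 11 0043 0043 3
"""

# A flow entry is: interface, IPv4, interface, IPv4, 2 hex digits (protocol),
# two 4-hex-digit ports, packet count. Statistics lines never match this shape.
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sp>[0-9A-Fa-f]{4})\s+(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\S+)\s*$"
)

def parse_flow_entries(text):
    """Return one dict per flow entry, keyed by the NetFlow attribute names."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # column header, statistics and separator lines
        flows.append({
            "IPV4_SRC_ADDR": m["src"],
            "IPV4_DST_ADDR": m["dst"],
            "PROTOCOL": int(m["pr"], 16),      # hex on the CLI, decimal in the probe data
            "L4_SRC_PORT": int(m["sp"], 16),
            "L4_DST_PORT": int(m["dp"], 16),
            "src_if": m["src_if"],
            "packets": m["pkts"],              # kept as text, exactly as displayed
        })
    return flows

def find_flows(flows, protocol, dst_port):
    """Select parsed flows by decimal protocol number and destination port."""
    return [f for f in flows
            if f["PROTOCOL"] == protocol and f["L4_DST_PORT"] == dst_port]

if __name__ == "__main__":
    for flow in parse_flow_entries(SAMPLE):
        print(flow)
```

In the sample, Pr 58 decodes to protocol 88 (EIGRP, sent to 224.0.0.10) and Pr 11 with port 0043 decodes to UDP port 67 (DHCP/BOOTP server).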