Showing dropped packets?
Hi,
I'm exporting data from a Cisco 2621XM to a demo version of Netflow Analyser 4. Everything seems to be working well. However, I was looking at an application report, and UDP_App was listed. Drilling down to see which ports were involved, I saw this:
SrcIP:SrcPort DestIp:DestPort
a.b.c.d:51423 w.x.y.z:1026
Looking in my router logfiles, I saw that this flow was actually dropped by an ACL.
So:
- Is it usual for packets dropped by ACLs to appear in the Analyser?
- I only investigated this in any depth because it looked suspicious, only to find that it was dropped by an ACL anyway (a bit of a waste of my time!). Is there any way to distinguish between traffic that was dropped by an ACL and that which was not?
many thanks,
alec
I'm exporting data from a Cisco 2621XM to a demo version of Netflow Analyser 4. Everything seems to be working well. However, I was looking at an application report, and UDP_App was listed. Drilling down to see which ports were involved, I saw this:
SrcIP:SrcPort DestIp:DestPort
a.b.c.d:51423 w.x.y.z:1026
Looking in my router logfiles, I saw that this flow was actually dropped by an ACL.
So:
- Is it usual for packets dropped by ACLs to appear in the Analyser?
- I only investigated this in any depth because it looked suspicious, only to find that it was dropped by an ACL anyway (a bit of a waste of my time!). Is there any way to distinguish between traffic that was dropped by an ACL and that which was not?
many thanks,
alec
Topic Participants
alecw_me
netflow_support
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?