NetFlow Demo

Video Activity

Time: 1 hour 43 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
00:00
Welcome, everyone. In this lab we will be looking into configuring basic NetFlow on Router0. NMS has many different features for monitoring, which includes its own NetFlow collector and analyzer.
00:14
Let's start off by configuring Router0's interface that will be monitored with NetFlow.
00:19
The interface can be configured in either the ingress or the egress direction.
00:24
In actual operations, you can verify which interfaces are up by using the show ip interface brief command.
00:31
Let's open up Router0
00:37
and verify which interface we could use for NetFlow. So it's show ip interface
00:45
brief.
00:46
And as you can see, FastEthernet0/0 is in the up/up state with a configured IP of .5.1, or 192.168.5.1 to be exact.
00:59
So let's head over to the interface: configure terminal,
01:04
interface
01:07
FastEthernet 0/0, or interface fa.
01:14
All right, so the command here would be
01:18
ip flow ingress
01:21
and ip flow egress.
01:26
All right, let's verify this: show run.
01:33
All right, it has been configured. Great.
01:38
Now let's configure Router0 to send the flow records to the NetFlow collector,
01:44
in this case Server0.
01:46
In this Packet Tracer, version 6.2, the server uses UDP port 9996 for its NetFlow collection software. So we'll just follow this to get the configuration working properly.
01:59
In actual network operations, however, you may decide to use a different port number, which can be adjusted in your NMS.
02:07
All right, let's configure it right now.
02:09
Configure terminal, conf t,
02:14
and the command is ip flow
02:19
export.
02:21
The destination server IP is 192.168.5.
02:27
10
02:30
and the port number would be 9996.
02:35
All right, and let's see which version we can export with:
02:42
version.
02:44
Okay, so let's just use version 9.
02:47
All right
02:51
Now let's head over to our server to make sure that the NetFlow collection is enabled.
02:58
Right? Let's open the server.
03:05
Just
03:07
the NetFlow Collector. All right, let's enable this. Just keep this up and let's add in some traffic to run on Router0's interface FastEthernet0/0.
03:23
All right, so currently PC0 and PC1 don't have any IP addressing.
03:28
So let's configure DHCP on Router0.
03:34
All right: ip dhcp pool,
03:38
let's call it test,
03:43
network 192.168.5.0 255.255.255.0,
03:50
default-router 192.168.5.1,
03:57
and let's just add in the DNS server,
04:00
.5.1.
04:03
All right,
04:06
let's see.
04:11
Let's close this up for the meantime, but before that, let's save the configurations.
04:15
copy run start.
04:21
Okay, let's open up PC0.
04:30
Right.
04:32
Check the IP configuration.
04:39
All right, that's good.
04:42
Let's close that.
04:44
Let's do a quick ping test to the
04:46
router,
04:48
.5.1.
04:53
All right.
04:59
And let's also open the
05:01
PCs, PC1.
05:10
All right, you can see there, there's some traffic
05:13
being shown in the NetFlow collector;
05:16
it streams like this. Okay. Sourced from .5.2, which was PC0.
05:26
And as you can see all the information here,
05:30
let me drag this down a little bit.
05:34
All right?
05:40
So this basically resulted from
05:43
the ping and the DHCP that we enabled.
05:46
All right, let's continue to PC1.
05:53
All right,
05:57
let's enable DHCP.
06:00
All right. So it's .5.3 this time.
06:04
And let's do another ping test,
06:10
.5.1.
06:15
Okay,
06:27
let's look a bit.
06:31
All right, for the .2,
06:38
you see there, for the .2,
06:40
that's probably the ping test that we did earlier.
06:45
And from .5.3 as well.
06:48
Just saying
06:53
It's also worth noting another command you can verify on Router0. So let's head over back to
07:00
Router0.
07:04
Okay, so this one's actually something we can
07:10
verify: show ip dhcp binding.
07:17
Okay. So basically, for this DHCP config, I forgot to include another command, which is
07:26
the excluded-address command:
07:30
ip dhcp excluded-address. And the start would be, let's see,
07:34
.5.1,
07:38
and
07:40
make it
07:41
.5.10.
07:44
copy run start.
07:47
All right.
07:49
So now that I've included the excluded-address command
07:55
from .5.1 to .5.10, if we were to renew the IP addressing from PC0, for example,
08:07
and make it DHCP, you would be starting from .5.11, as you can see there.
08:13
separate.
08:20
All right, so the other command. And as you can see here as well from the NetFlow,
08:28
probably another DHCP request.
08:33
All right.
08:33
And yes, another command you can verify is show ip
08:41
cache flow,
08:45
so you can see there ICMP, the ping tests we did earlier, and the DHCP.
08:52
So this, despite being a very simple configuration, is very exciting to see how it works.
09:01
And that's basically it for our demo.