[181130] in North American Network Operators' Group
Re: Fkiws with destination port 0 and TCP SYN flag set
daemon@ATHENA.MIT.EDU (Maqbool Hashim)
Wed Jun 17 05:59:50 2015
From: Maqbool Hashim <maqbool@madbull.info>
To: Roland Dobbins <rdobbins@arbor.net>, "nanog@nanog.org" <nanog@nanog.org>
Date: Wed, 17 Jun 2015 09:54:21 +0000
Agreed. Might see if I can get netstat -antp output from the operators at
some point though.
I will start with one of the hosts, looks like the whole flow capturing
exercise for this LAN will need to be done using multiple laptops connected
to the different access ports for the hosts. No RSPAN support on these
switches and no netflow :(
________________________________________
From: NANOG <nanog-bounces@nanog.org> on behalf of Roland Dobbins <rdobbins@arbor.net>
Sent: 17 June 2015 10:44
To: nanog@nanog.org
Subject: Re: Fkiws with destination port 0 and TCP SYN flag set
On 17 Jun 2015, at 11:34, Maqbool Hashim wrote:
> What might be easier is to set up a span port for the hosts access
> port on the switch and grab that via the collector laptop I have.
It's better to collect as much information you have without perturbing
the systems involved, anyways.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>