To detect viruses if got to the switch or router

Unanswered Question
Mar 15th, 2007
User Badges:

Hi,

I have a layer 2 switch 2950, and a router 2811, can I know if there is virus attack on one PC (IP: 10.33.33.1) i will be able to know where it coming from?

My customer basically wanna to pin down the PC who is being infected.


Thanks.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Thu, 03/15/2007 - 23:18
User Badges:
  • Red, 2250 points or more

Hi


Do enable ip route-cache flow under the ethernet interface of Cisco 2811 where your local lan is connected.


Once you have enabled the same use show ip cache flow command to find out the traffic transactions with enough details like number of packets source/destination ip address as well as source/destination port numbers..


You can also verify the link for more info on the same..


http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcr/tnf_r/nfl_a1ht.htm#wp1485854


regds


Actions

This Discussion