Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
195
Views
0
Helpful
1
Replies

Egress Filter - spoof packets denied

admin_2
Level 3
Level 3

‎04-01-2004 09:10 AM - edited ‎03-02-2019 02:43 PM

I applied Egress filters on my external routers to only allow out my valid NAT IPs. looking at the logs I see single packets with spoof addresses blocked every 15 to 20 minutes

How can I find where these are coming from. I assume a sniffer which i do not have. If it is a Sniffer that is needed are there any recommended ones and how is it used in a switched environment.

Thanks

Labels:
0 Helpful
1 Reply 1

amritpatek
Level 6
Level 6

‎04-07-2004 07:06 AM

To use a sniifer in switched environement, you need to use the SPAN feature on the switches. This doc might help you :

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008015c612.shtml

0 Helpful
Customers Also Viewed These Support Documents