I have a layer 2 switch 2950, and a router 2811, can I know if there is virus attack on one PC (IP: 10.33.33.1) i will be able to know where it coming from?
My customer basically wanna to pin down the PC who is being infected.
Do enable ip route-cache flow under the ethernet interface of Cisco 2811 where your local lan is connected.
Once you have enabled the same use show ip cache flow command to find out the traffic transactions with enough details like number of packets source/destination ip address as well as source/destination port numbers..
You can also verify the link for more info on the same..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: