CCNA CyberOps SECOPS – Objective 2.3

August 7, 2019

Identify the elements from a NetFlow v5 record from a security event
Implementing Cisco Cybersecurity Operations (210-255)

When it comes to Netflow, the 5-tuple is king. Be sure to know the 5-tuple.

Source IP Address	Destination IP Address	Source Port	Destination Port	Protocol
10.1.1.2	192.168.1.3	23343	443	TCP
10.1.3.3	192.168.3.2	43232	53	UDP
192.168.4.5	172.16.3.2	32321	25	TCP

Beyond the 5-tuple, Netflow v9 and IPFIX (Industry Standard) allow for many other attributes to be recorded.

IOS-XE Configuration of Netflow

flow exporter MY_FLOW_EXPORTER 
  description Netflow Exporter Example
  destination mynetflowcollector.contoso.com
  export-protocol netflow-v9
  transport udp 2205 
  exit 
flow monitor MY_NETFLOW_MONITOR 
  exporter MY_FLOW_EXPORTER
int GigabitEthernet1/0/1
  ip flow monitor MY_NETFLOW_MONITOR input
  ip flow monitor MY_NETFLOW_MONITOR output

Related

Blog, CCNA CyberOps, Certification, cisco

| Tags: CCNA CyberOps, certification, cisco, Cisco Certified Cyber Ops Associate, Netflow

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Ben Story 2024.

© Pack IT Forwarding 2024. Powered by WordPress