Cisco Flexible Netflow (FNF) - "Top Talkers" Commands
General commands to show the FNF setup
show run flow exporter show run flow monitor show run flow record show flow interface show flow exporter show flow monitor show flow record
Using FNF Top N Talkers to analyse network traffic
No configuration tasks are associated with the Flexible NetFlow Top N Talkers Support feature - show commands only. There are three basic commands that can be used individually or combined to filter, aggregate and sort the flow monitor cache. The aggregate command aggregates the flow monitor cache data with a different record than the cache was created with.
show flow monitor <MONITOR NAME> cache filter options [regexp regexp] [...options [regexp regexp [format {csv | record | table}]
show flow monitor [name] monitor-name cache aggregate {options [...options] [collect options [...options]] | record record-name} [format {csv | record | table}]
show flow monitor [name] monitor-name cache sort options [top [number]][format {csv | record | table}]
Note When the top keyword is not used with a sort, the default number of sorted flows shown is 20.
Example Filter - filters the flow monitor cache data on the IPv4 type of service (ToS) value:
show flow monitor <MONITOR NAME> cache filter ipv4 tos regexp 0x(C0|50)
Example Aggreagate - Aggregates the flow monitor cache data on the IPv4 destination address and displays the cache data for the IPv4 protocol type and input interface nonkey fields:
show flow monitor <MONITOR NAME> cache aggregate ipv4 destination address collect ipv4 protocol interface input
Example Sort - Displays the cache data sorted on the number of packets from highest to lowest and limits the output to the three highest volume flows:
show flow monitor <MONITOR NAME> cache sort highest counter packets top 3