On Thu, 6 Mar 2008, Phil Mayers wrote: > It depends on the platform, but on 6500s at least I know you get an > output interface of 0. > > Sadly you get an output interface of 0 for a whole lot of other stuff, > including glean failures (i.e. couldn't arp for the next hop), RPF > failures and also traffic to the box e.g. SSH sessions.
That's what I was thinking of before. On the router itself, it will usually represent the interface as Null0 in the output of something like "show ip cache flow". Your other option would be to use an RTBH type solution to shunt the offending traffic to an outside box for more detailed analysis. jms _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
