12-08-2021 07:23 AM
Using Cisco Stealthwatch, I followed the instructions to Start Traffic via a putty console. AT the end of all the input the 'firstrun' script completes, but I don't see any traffic appearing in Stealthwatch Management Console. After the 'firstrun' script had completed I did a 'reboot'.
What have I missed?
12-08-2021 03:09 PM
Interesting situation! Can you provide the link to the instructions so can follow along and see if we encounter the same issue?
12-09-2021 01:15 AM
It's on the 'Start Traffic' tab when running the Cisco StealthWatch in Sandbox:
Starting CDS Traffic Flow
-------------------------
Once a reservation has setup and reached "Active" state, users can start the CDS traffic flow towards the UDP director.
This is then picked up and displayed my th e Stealthwatch Management Center monitoring.
This sandbox contains the following:
Once the Sandbox reservation has become Active connect to the VPN as instructed in the output window or the email
Brower to the UPD Director and login with admin/C1sco12345
Scroll down on the main page to the interfaces. Note the MAC address of the Eth0 interface.
We now need to start the traffic from the CDS Traffic generator. Ssh root@10.10.20.64 (password is lan1cope)
Once connected, the firstrun script will trigger
Hit n to the configuration XML question
Accept the default hostname for the box
Set domain to lab.devnetsandbox.local
IP address of DNS server is 10.17.248.11
IP address of NTP server is 10.17.251.250
The MAC address for the UDP director is then requested. Enter the MAC from step 3 above in xx:xx:xx:xx:xx:xx notation
The IP address of UDP Director should be set to 10.10.20.63
The IP address of Flow Sensor should be set to 10.10.20.62
The IP address of the Flow Collector should be set to 10.10.20.61
Enter y to accept the setting. A script will run to rewrite the .pcap files, taking just a moment.
Browse to Stealthwatch Management Center GUI and check the flows on the main page. It may take 10 minutes or so to register the traffic flow
cheers
12-10-2021 01:37 AM
hi Gerry, no traffic showed up, also not after like 10-30 minutes? Are you sure you typed in the right IP's etc.? I have notified the Stealthwatch team as well.
12-10-2021 01:57 AM
Yes, I believe I put in the correct IP Addresses, also left it for more than half an hour. I've tried it a few times (and will again today).
12-13-2021 12:35 AM
hi Gerry, I have filed a ticket for this. this behavior seems replicable. we will keep you posted. in the mean time you might need to manually create traffic. apologies for the inconvenience!
06-14-2024 12:48 PM
I'm having the same issue. Very little traffic is being generated by the CDS (i.e. 2 Flows/second). How can I manually create traffic?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide