Enable top talkers for a quick view of traffic flowing through

Scott Nishimura · ‎02-02-2011

Here is a quick way to enable netflow top talkers to see what traffic is flowing through the router. This is especially useful during an attack and you want to see what types of traffic and where most of the traffic load is coming from.

To enable netflow and netflow top talkers on a 12.4t box:

config t
interface vlan X (this can be a vlan or an interface)
ip flow ingress
ip flow egress

can monitor using:

show ip cache flow
show ip cache verbose flow

To get top talkers working:

config t
ip flow-top-talkers
top 10 (number of top talkers shown - up to 200)
sort-by bytes (can be sorted by bytes or packets)

To check:
show ip flow top
show ip flow top verbose

Documents on top talkers:
http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/cfg_nflow_top_talk.html#wp1056651

how to troubleshoot DOS attacks with netflow:
http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/nf_detct_analy_thrts.html

yamikani2g2 · ‎11-14-2019

#show ip flow top verbose
% Top talkers not configured

Followed your steps below???

interface GigabitEthernet0/0.10
ip flow ingress
ip flow egress

To get top talkers working:

config t
ip flow-top-talkers
top 20

tkalfaoglu · ‎09-01-2023

Thanks for this info.. However the chart only shows our incoming (public) IP, but not the NAT target from there..

How can I get a top-talker with the local IP's listed as well?

Thanks!