Here is a quick way to enable netflow top talkers to see what traffic is flowing through the router. This is especially useful during an attack and you want to see what types of traffic and where most of the traffic load is coming from.
To enable netflow and netflow top talkers on a 12.4t box:
config t
interface vlan X (this can be a vlan or an interface)
ip flow ingress
ip flow egress
can monitor using:
show ip cache flow
show ip cache verbose flow
To get top talkers working:
config t
ip flow-top-talkers
top 10 (number of top talkers shown - up to 200)
sort-by bytes (can be sorted by bytes or packets)
To check:
show ip flow top
show ip flow top verbose
Documents on top talkers:
http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/cfg_nflow_top_talk.html#wp1056651
how to troubleshoot DOS attacks with netflow:
http://www.cisco.com/en/US/docs/ios/netflow/configuration/guide/nf_detct_analy_thrts.html