Hi,
I am looking at a NetFlow trace for one direction through an interface on a router. And I want to separate ACK flows which are the result of transferring data in the other direction.
If the first packet is SYN/ACK, I think it is the beginning packet of such a flow. But due to the aggregation of NetFlow, I cannot separate them from flows with two packets SYN and ACK sent in 1 minute.
Do you have any suggestion for an approximation?
What if I filter out flows with SYN/ACK flag set, and the average packet size is less than 50 bytes? Is it a close approximation to filter out ACK flows?
Thanks a lot,
zs
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
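
The filter proposed in the message, as an added example that is not part of the original post. It assumes NetFlow v5 records (the post names no version), whose `tcp_flags` field is the OR of the flags of every packet in the flow; the function names and the sample records are constructed for illustration.

```python
import struct

# NetFlow v5 flow record (48 bytes); v5 is an assumption, the post names no version.
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10
TCP = 6

def parse_record(buf):
    """Decode the fields the heuristic needs from one v5 flow record."""
    f = V5_RECORD.unpack(buf)
    return {"pkts": f[5], "octets": f[6], "flags": f[12], "proto": f[13]}

def matches_heuristic(flow, max_avg=50):
    """SYN and ACK both present in the OR-ed flags, mean packet size < max_avg bytes."""
    if flow["proto"] != TCP or flow["pkts"] == 0:
        return False
    both = SYN | ACK
    return (flow["flags"] & both) == both and flow["octets"] / flow["pkts"] < max_avg

def sample(pkts, octets, flags):
    """Build a constructed v5 record; addresses and ports are placeholders."""
    return V5_RECORD.pack(bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]), bytes(4),
                          1, 2, pkts, octets, 0, 0, 80, 40000, 0, flags, TCP,
                          0, 0, 0, 0, 0, 0)

# Constructed records; octet counts are layer-3 bytes, as v5 reports them.
SAMPLES = {
    # SYN/ACK (44 B) + 200 bare ACKs (40 B) + FIN/ACK (40 B): reverse side of a transfer
    "ack_side": sample(202, 8084, SYN | ACK | FIN),
    # Sender side of the same transfer, large data segments
    "data_side": sample(150, 200000, SYN | ACK | PSH | FIN),
    # SYN then ACK aggregated into one record: same flag bits as a SYN/ACK start
    "syn_then_ack": sample(2, 84, SYN | ACK),
    # ACK side where every ACK carries the 12-byte timestamp option (52 B packets)
    "ack_side_timestamps": sample(202, 10512, SYN | ACK | FIN),
}

def classify_samples():
    """Run the heuristic over every constructed record."""
    return {name: matches_heuristic(parse_record(rec)) for name, rec in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:22s} {'match' if hit else 'no match'}")
```

The `syn_then_ack` record matches as well, which is the ambiguity the message describes, while the record with timestamp-option ACKs falls just above the 50-byte threshold.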
