Hello to all,
I did an upgrade from nfdump 1.6.3 to 1.6.9. I often use the "-A" option to
aggregate flows, but after the upgrade, if I use that option, the source
address of every flow becomes this:
[root@test2 15]# nfdump -r nfcapd.201305151054 -a -A dstip -o extended -c 2
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Flags Tos  Packets    Bytes      pps      bps    Bpp Flows
2013-05-15 10:53:59.903    59.077 0             0.0.0.0:0     ->       224.0.0.1:0      ......   0      250    71370        4     9664    285   176
2013-05-15 10:54:00.900    58.000 0             0.0.0.0:0     ->   172.16.50.212:0      ......   0       59     7744        1     1068    131    59
If I don't use that option, the result is:
[root@test2 15]# nfdump -r nfcapd.201305151054 -a -o extended -c 2
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Flags Tos  Packets    Bytes      pps      bps    Bpp Flows
2013-05-15 10:53:59.928    48.972 UDP     172.16.50.221:137   ->   172.16.51.255:137    ......   0       43     3354        0      547     78    43
2013-05-15 10:54:00.900    58.000 ICMP    172.16.50.217:0     ->   172.16.50.212:3.3    ...... 192       59     7744        1     1068    131    59
Does anyone know if this is normal behavior of the new version of nfdump, or if
it can be a problem?
Thank you to all
_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss