Hi,
I don't see anything wrong. The two output listings represent what you were
asking nfdump for.
-a is equiv to -a -A proto,srcip,dstip,srcport,dstport
so you compare -a -A proto,srcip,dstip,srcport,dstport with -a -A dstip, which
obviously results in two different output
listings. Unused elements in a flow are zeroed out.
Hope that helps.
- Peter
On 5/15/13 W20 12:57, marcello pisano wrote:
> Hello to all,
>
> I did an upgrade from nfdump 1.6.3 to 1.6.9. I often use the option "-A" to
> aggregate flows, but after the upgrade, if I use that option, the source
> address of every flow becomes this:
>
>
> [root@test2 15]# nfdump -r nfcapd.201305151054 -a -A dstip -o extended -c 2
>
> Date first seen          Duration Proto  Src IP Addr:Port      Dst IP Addr:Port     Flags  Tos Packets Bytes pps  bps Bpp Flows
> 2013-05-15 10:53:59.903    59.077 0      0.0.0.0:0          -> 224.0.0.1:0          ......   0     250 71370   4 9664 285   176
> 2013-05-15 10:54:00.900    58.000 0      0.0.0.0:0          -> 172.16.50.212:0      ......   0      59  7744   1 1068 131    59
>
> If I don't use that option, the result is:
>
> [root@test2 15]# nfdump -r nfcapd.201305151054 -a -o extended -c 2
>
> Date first seen          Duration Proto  Src IP Addr:Port      Dst IP Addr:Port     Flags  Tos Packets Bytes pps  bps Bpp Flows
> 2013-05-15 10:53:59.928    48.972 UDP    172.16.50.221:137  -> 172.16.51.255:137    ......   0      43  3354   0  547  78    43
> 2013-05-15 10:54:00.900    58.000 ICMP   172.16.50.217:0    -> 172.16.50.212:3.3    ......  192     59  7744   1 1068 131    59
>
>
>
> Does anyone know if this is normal behavior for the new version of nfdump
> or if it can be a problem?
>
> Thank you to all
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data
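
The aggregation behaviour described in the reply above, as an added example that is not part of the original thread and is not nfdump's own code: a small Python model that merges flow records on a chosen key and zeroes every 5-tuple field left out of that key. The flow records, the `flow`/`aggregate`/`show` helpers and the field defaults are constructed for illustration.

```python
# Added illustration: a model of nfdump-style aggregation, not nfdump's own code.
FIVE_TUPLE = ("proto", "srcip", "dstip", "srcport", "dstport")  # default -a key
ZERO = {"proto": 0, "srcip": "0.0.0.0", "dstip": "0.0.0.0",
        "srcport": 0, "dstport": 0}

def flow(proto, srcip, srcport, dstip, dstport, packets, nbytes):
    return {"proto": proto, "srcip": srcip, "srcport": srcport, "dstip": dstip,
            "dstport": dstport, "packets": packets, "bytes": nbytes}

# Constructed sample records (not taken from the capture file in the thread).
FLOWS = [
    flow(17, "172.16.50.221", 137, "172.16.51.255", 137, 3, 234),
    flow(17, "172.16.50.221", 137, "172.16.51.255", 137, 2, 156),
    flow(17, "172.16.50.222", 137, "172.16.51.255", 137, 1, 78),
    flow(1, "172.16.50.217", 0, "172.16.50.212", 0, 5, 420),
    flow(6, "172.16.50.10", 40000, "172.16.50.212", 22, 10, 1500),
]

def aggregate(flows, key_fields=FIVE_TUPLE):
    """Merge flows that share key_fields; fields outside the key are zeroed."""
    unknown = set(key_fields) - set(FIVE_TUPLE)
    if unknown:
        raise ValueError("unsupported aggregation field(s): %s" % sorted(unknown))
    table = {}  # insertion-ordered: one output record per distinct key
    for f in flows:
        key = tuple(f[name] for name in key_fields)
        rec = table.get(key)
        if rec is None:
            rec = {n: (f[n] if n in key_fields else ZERO[n]) for n in FIVE_TUPLE}
            rec.update(packets=0, bytes=0, flows=0)
            table[key] = rec
        rec["packets"] += f["packets"]
        rec["bytes"] += f["bytes"]
        rec["flows"] += 1
    return list(table.values())

def show(title, records):
    print(title)
    for r in records:
        print("  {proto:>3} {srcip:>15}:{srcport:<5} -> {dstip:>15}:{dstport:<5} "
              "pkts={packets:<3} bytes={bytes:<5} flows={flows}".format(**r))

if __name__ == "__main__":
    show("-a (full 5-tuple key)", aggregate(FLOWS))
    show("-a -A dstip", aggregate(FLOWS, ("dstip",)))
    show("-a -A srcip,dstip", aggregate(FLOWS, ("srcip", "dstip")))
```

In this model, keying on `srcip,dstip` keeps both addresses populated while protocol and ports are still zeroed, which is the same effect seen for the fields missing from the `-A dstip` listing in the thread.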