Hi,
I just installed NfSen on my box and am sending sFlow data from a Foundry MLX.
I would like to capture the source and destination AS for the traffic going
through the Foundry, but the source and destination AS that I get is 0.
** nfdump -M /var/nfsen/profiles-data/SYD-EE/test2/PacNet7543 -T -r 2007/12/13/nfcapd.200712131430 -n 10 -s dstas/flows
nfdump filter:
any
Top 10 Dst AS ordered by flows:
Date first seen Duration Proto Dst AS Flows Packets Bytes pps bps bpp
2007-12-13 14:30:01.122 298.426 any 0 600 1.2 M 458.1 M 4117 12.3 M 390
Summary: total flows: 600, total bytes: 458.1 M, total packets: 1.2 M, avg bps: 12.3 M, avg pps: 4117, avg bpp: 390
Time window: 2007-12-13 14:30:01 - 2007-12-13 14:34:59
Total flows processed: 600, Records skipped: 0, Bytes read: 31212
Sys: 0.000s flows/second: 600600.6 Wall: 0.000s flows/second: 3243243.2
** nfdump -M /var/nfsen/profiles-data/SYD-EE/test2/PacNet7543 -T -r 2007/12/13/nfcapd.200712131430 -n 10 -s srcas/flows
nfdump filter:
any
Top 10 Src AS ordered by flows:
Date first seen Duration Proto Src AS Flows Packets Bytes pps bps bpp
2007-12-13 14:30:01.122 298.426 any 0 600 1.2 M 458.1 M 4117 12.3 M 390
Summary: total flows: 600, total bytes: 458.1 M, total packets: 1.2 M, avg bps: 12.3 M, avg pps: 4117, avg bpp: 390
Time window: 2007-12-13 14:30:01 - 2007-12-13 14:34:59
Total flows processed: 600, Records skipped: 0, Bytes read: 31212
Sys: 0.000s flows/second: 600600.6 Wall: 0.000s flows/second: 2597402.6
I can get some result if it is based on source IP:
** nfdump -M /var/nfsen/profiles-data/SYD-EE/test2/PacNet7543 -T -r 2007/12/13/nfcapd.200712131430 -n 10 -s srcip/flows
nfdump filter:
any
Top 10 Src IP Addr ordered by flows:
Date first seen         Duration Proto      Src IP Addr Flows  Packets    Bytes   pps      bps   bpp
2007-12-13 14:30:01.122  294.891 any      124.108.96.67    71   145408   11.9 M   493   338690    85
2007-12-13 14:30:15.047  284.500 any      203.84.217.27    38    77824   22.3 M   273   657145   300
2007-12-13 14:30:03.947  275.546 any      203.84.217.32    28    57344   52.2 M   208    1.5 M   954
2007-12-13 14:30:07.586  291.961 any     124.108.96.113    18    36864   42.7 M   126    1.2 M  1214
2007-12-13 14:30:50.826   27.036 any      203.17.174.90    16    32768   14.1 M  1212    4.2 M   451
2007-12-13 14:30:50.826  101.214 any      203.14.43.106    13    26624   22.2 M   263    1.8 M   874
2007-12-13 14:30:01.122  210.535 any     124.108.96.112    12    24576   25.8 M   116  1028635  1101
2007-12-13 14:30:27.115  238.307 any     124.108.97.193    11    22528    7.4 M    94   260843   344
2007-12-13 14:31:21.109  218.438 any    203.100.255.197    11    22528   17.2 M   103   661096   801
2007-12-13 14:30:03.947  207.710 any     125.255.48.210    10    20480   819200    98    31551    40
Summary: total flows: 600, total bytes: 458.1 M, total packets: 1.2 M, avg bps: 12.3 M, avg pps: 4117, avg bpp: 390
Time window: 2007-12-13 14:30:01 - 2007-12-13 14:34:59
Total flows processed: 600, Records skipped: 0, Bytes read: 31212
Sys: 0.001s flows/second: 300150.1 Wall: 0.001s flows/second: 480384.
Another piece of information: my Foundry box does not run any BGP protocol
because it is a peering switch; the BGP config is actually in the route
server. Is this the reason why I can only get source/destination AS
0?
Thank you for your assistance.
--
Regards,
Affandi Indraji
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss