[Nfsen-discuss] Duplicate Flows

Sun, 27 Nov 2011 19:02:05 -0800 

I interpret the flows with x> as duplicates.  Any idea what might be
causing this?  Time stamps seem to be the same and I'm only using one
netflow device.  I seem to see this sporadically and it seems more
prevalent with larger flows.

** nfdump -M /usr/local/nfsen/profiles-data/live/upstream1  -T  -r
nfcapd.201111271540 -c 20
nfdump filter:
ip 192.168.1.44 and ip 65.126.84.130
Date flow start          Duration Proto      Src IP Addr:Port
Dst IP Addr:Port   Packets    Bytes Flows
2011-11-26 03:23:40.920     0.112 TCP       192.168.1.44:49714
<http://192.168.1.11/nfsen/nfsen.php#null> ->    65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>           5      624     1
2011-11-26 03:23:40.964     0.112 TCP      65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>    ->
192.168.1.44:49714 <http://192.168.1.11/nfsen/nfsen.php#null>        5
     534     1
A> 2011-11-26 03:23:41.108    77.836 TCP       192.168.1.44:49713
<http://192.168.1.11/nfsen/nfsen.php#null> ->    65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>       31880    1.7 M     1
B> 2011-11-26 03:23:41.152    77.832 TCP      65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>    ->
192.168.1.44:49713 <http://192.168.1.11/nfsen/nfsen.php#null>    49045
  73.6 M     1
A> 2011-11-26 03:23:41.108    77.836 TCP       192.168.1.44:49713
<http://192.168.1.11/nfsen/nfsen.php#null> ->    65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>       31880    1.7 M     1
B> 2011-11-26 03:23:41.152    77.832 TCP      65.126.84.130:80
<http://192.168.1.11/nfsen/nfsen.php#null>    ->
192.168.1.44:49713 <http://192.168.1.11/nfsen/nfsen.php#null>    49045
  73.6 M     1
Summary: total flows: 6, total bytes: 150.4 M, total packets: 161860,
avg bps: 15.4 M, avg pps: 2073, avg bpp: 929

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Reply via email to