Hi, first of all: thank you very much for these awesome tools.
I have a question regarding nfsen and the flow data visualization. My goal is to have a profile that visualizes the traffic with respect to the directions, i.e., inside-outside and outside-inside, independent from the actual flow's direction. I get the netflow (v9) from an ASA5505 (9.1(3)), using nfcapd (nfdump version 1.6.12). nfdump was compiled with --enable-nfprofile --enable-nftrack --enable-sflow --enable-nsel The flows themselves look perfectly fine, when using nfdump, except for the fact that the packet count is always 0, e.g., Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte 2014-11-20 20:21:31.929 CREATE Ignore TCP 192.168.0.1:54321 -> x.x.x.x:443 y.y.y.y:54321 -> x.x.x.x:443 0 0 2014-11-20 20:21:31.929 DELETE 2028 TCP 192.168.0.1:54321 -> x.x.x.x:443 y.y.y.y:54321 -> x.x.x.x:443 1234 4567 where 192.168.0.1 is some inside-Client, y.y.y.y is some webserver, x.x.x.x is the ASA's outside-IP. As far as I as understood, an ASA flow is bidirectional per se. For this reason, I cannot have a split traffic view, using a filter like "IN IF <outside_if_index>", and "OUT IF <outside_if_index>", respectively. Is that right? Is there another way to have such a directional traffic view? Thank you very much in advance. Best regards, Simon ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
