I need to add that if I process a traffic request in a given simple timeslot, I always see a bidirectional flow with a big UDP traffic value corresponding to a different timeslot (in bold):
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Out Pkt In Pkt Out Byte In Byte Flows 2020-04-20 21:51:44.796 0.000 UDP 200.63.169.126:47467 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 8.8.8.8:53 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 2 0 162 2 2020-04-20 21:51:51.092 0.072 TCP 200.63.169.116:32431 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 104.104.17.152:443 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 22 0 6544 2 2020-04-20 21:51:52.544 0.000 UDP 200.63.169.126:44829 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 8.8.8.8:53 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 2 0 162 2 2020-04-20 21:51:56.728 0.712 TCP 200.63.169.116:32432 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 52.55.59.20:443 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 18 0 5200 2 2020-04-20 21:52:11.996 0.000 UDP 200.41.181.76:24348 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 8.8.8.8:53 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 2 0 140 2*2020-04-20 21:26:02.872 1546.520 UDP 200.41.181.78:1194 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 181.166.177.133:1194 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 213368 0 125.1 M 2* 2020-04-20 21:52:11.076 3.656 TCP 200.63.169.119:20002 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 200.70.32.2:8395 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 90 0 15242 2 2020-04-20 21:52:10.124 0.000 UDP 200.63.169.126:48249 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 8.8.8.8:53 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 2 0 162 2 2020-04-20 21:51:50.992 0.000 UDP 200.63.169.126:51661 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 8.8.8.8:53 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 2 0 162 2 2020-04-20 21:52:00.912 0.028 TCP 200.63.169.116:32231 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 172.217.172.67:443 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 8 0 742 2 2020-04-20 21:51:58.248 0.008 TCP 200.63.169.116:32407 <https://netflow.sintys.gob.ar/nfsen.php#null> <-> 104.20.90.238:443 <https://netflow.sintys.gob.ar/nfsen.php#null> 0 4 0 238 2 Why this behaviour is always present in the traffic requets??? Because nfsen traffic values are not real at all for a given timeslot. Thanks again !!! El lun., 20 abr. 2020 a las 23:11, Roberto Carna (<[email protected]>) escribió: > Dear, I have nfsen installed in a Debian box. It works OK. > > I have an Internet link with an ISP which give me two public IP blocks. > > So I've created a nfsen profile in order to measure the Internet link > traffic, in this way: > > Traffic IN: DST NET <block_1> OR DST NET <block_2> > > Traffic OUT: SRC NET <block_1> OR SRC NET <block_2> > > But the resulting traffic curve is not the same to the SNMP curve obtained > with my SNMP monitor software. > > Please can you tell me what can be wrong? Is it possible to obtain similar > traffic curves using nfsen and snmp? > > Special thanks !!! >
_______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
