Hi Luca,

Thank you very much for your reply.

I want to use nProbe in sniffer mode, which means both directional packets come in and nothing goes out of the interface. I am not sure specifying OUT_PKTS and OUT_BYTES in sniffer mode gives the intended result. Let me provide you with what I saw. I invoked nProbe as follows:

----------------------------------------
nprobe -n 10.6.100.134:9992 -m 1 -r TCP_20min_conn.dmp -V 9 -U 260 -T "%LAST_SWITCHED %FIRST_SWITCHED %IN_PKTS %IN_BYTES %OUT_PKTS %OUT_BYTES %IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_SRC_PORT %L4_DST_PORT %PROTOCOL %TCP_FLAGS"

The input file TCP_20min_conn.dmp contains a complete bidirectional 20min ssh connection. I captured the NetFlow output from nProbe using tcpdump into nf.dmp. I have attached both the files.

Please note that in nf.dmp the data flowset (flowset 4) contains IN_BYTES/PKTS while OUT_PKTS/BYTES (type 23/24) are empty. The IN_BYTES/PKTS seem to give me info for one direction. So what should I do to get the info for pkts from server to client?

Thanks and looking forward to your reply,
Subra.

On 7/15/07, Luca Deri <[EMAIL PROTECTED]> wrote:
Subra,
in V9 the two directions IN/OUT are listed in the same flow (e.g. bytes_in and bytes_out), so you should have this info already.

Regards, Luca

On 09/Jul/07, at 21:08, subramanian ramasamy wrote:

> Hi,
>
> I am new to NetFlow and nProbe.
>
> I have a tcpdump file which is a complete 20 min SSH Traffic
> between two machines. I ran nProbe with input from the captured
> tcpdump file and asked it to export it to a collector machine. I
> ran tcpdump on the collector's machine and captured the NF V9
> traffic from nProbe and saved this to a dmp file. I later examined
> this dmp file using wireshark.
>
> What I see is 4 flowsets: Template flowset:0, options flowset:1,
> Data flowset:261(options data), Data Flowset: 260.
>
> The data flowset 260 seems to contain data for only one direction
> of my recorded 20 min TCP flow, the client to server direction.
>
> How do I get nProbe to tell/export the information for the other
> direction, i.e. the server to client direction?
>
> Thanks,
> Subra.
> _______________________________________________
> Ntop-dev mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-dev
nf.dmp
Description: Binary data
TCP_20min_conn.dmp
Description: Binary data
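An added example, not part of the original thread and not nProbe or ntop code: a minimal NetFlow v9 decoder for checking, from a collector-side capture, whether the OUT_BYTES/OUT_PKTS fields (types 23/24) of a template such as 260 are actually populated in each data record. The sample packet and its counter values are constructed, and the names parse_v9 and reverse_missing are hypothetical.

```python
import struct

# NetFlow v9 field types (RFC 3954) for the four counters in the -T template.
COUNTERS = {1: "IN_BYTES", 2: "IN_PKTS", 23: "OUT_BYTES", 24: "OUT_PKTS"}

def parse_v9(packet, templates=None):
    """Return one {counter: value} dict per data record in a v9 export packet."""
    templates = {} if templates is None else templates
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, off = [], 20                      # fixed 20-byte packet header
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:                         # template flowset
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break                      # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                  for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif fs_id in templates:               # data flowset with a known template
            fields = templates[fs_id]
            size = sum(flen for _, flen in fields)
            while size and pos + size <= len(body):
                rec = {}
                for ftype, flen in fields:
                    if ftype in COUNTERS:
                        rec[COUNTERS[ftype]] = int.from_bytes(body[pos:pos + flen], "big")
                    pos += flen
                records.append(rec)
        off += fs_len                          # other flowsets (e.g. options) are skipped
    return records

def reverse_missing(rec):
    """True when the template carries OUT_* counters but the record leaves them at 0."""
    return "OUT_PKTS" in rec and rec["OUT_PKTS"] == 0 and rec.get("OUT_BYTES", 0) == 0

# Constructed sample: template 260 plus one record with only the IN_* side filled.
SAMPLE = (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
          + struct.pack("!HHHH8H", 0, 24, 260, 4, 2, 4, 1, 4, 24, 4, 23, 4)
          + struct.pack("!HH4I", 260, 20, 1200, 96000, 0, 0))

if __name__ == "__main__":
    for r in parse_v9(SAMPLE):
        print(r, "reverse direction missing" if reverse_missing(r) else "bidirectional")
```

Pass the same `templates` dict across calls when the template and data flowsets arrive in different UDP packets.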
