On 03/04/2015 17:40, Rahul Jain wrote:
Hi,
Hi Rahul,
Any help would be appreciated.
Thanks
Rahul
On Wednesday, April 1, 2015, Rahul Jain <[email protected]
<mailto:[email protected]>> wrote:
Hi All,
Does nprobe + ntopng support IPFIX Biflow. Can it decode the fields of
Biflow properly.
AFAIK Biflow is not supported. Could you please provide a pcap sample? I assume
the template is the one you set out below.
Thank you,
Arianna
Template for Biflow,
flowStartSeconds
flowStartSecond + PEN
flowEndSeconds
flowEndSeconds + PEN
IP_SRC_ADDR
IP_DST_ADDR
L4_SRC_PORT
L4_DST_PORT
PROTOCOL
biflowDirection
PACKETS_TOTAL
PACKETS_TOTAL + PEN
BYTES_TOTAL
BYTES_TOTAL + PEN
Issues seen
1) Flow duration is not calculated properly
2) Counters are reported incorrectly. For ex: Host A is receiving traffic
from Host B, GUI displays, Host A is sending traffic and acting as server,
which means, biflowDirection field is ignored. Also TX and RX packets counts
are reversed.
Please let me know, if Biflow template is supported in nprobe + ntopng.
Thanks
Rahul
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
--
/*
* Arianna Avanzini
* [email protected]
* http://ava.webhop.me
*/
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
