Hi Arianna, Please find the packet capture for Biflow IPFIX attached.
Thanks Rahul On Fri, Apr 3, 2015 at 9:18 AM, Arianna Avanzini <[email protected]> wrote: > On 03/04/2015 17:40, Rahul Jain wrote: > >> Hi, >> >> > Hi Rahul, > > Any help would be appreciated. >> >> Thanks >> Rahul >> >> On Wednesday, April 1, 2015, Rahul Jain <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi All, >> >> Does nprobe + ntopng support IPFIX Biflow. Can it decode the fields of >> Biflow properly. >> > > AFAIK Biflow is not supported. Could you please provide a pcap sample? I > assume the template is the one you set out below. > > Thank you, > Arianna > > >> Template for Biflow, >> flowStartSeconds >> flowStartSecond + PEN >> flowEndSeconds >> flowEndSeconds + PEN >> IP_SRC_ADDR >> IP_DST_ADDR >> L4_SRC_PORT >> L4_DST_PORT >> PROTOCOL >> biflowDirection >> PACKETS_TOTAL >> PACKETS_TOTAL + PEN >> BYTES_TOTAL >> BYTES_TOTAL + PEN >> >> Issues seen >> 1) Flow duration is not calculated properly >> 2) Counters are reported incorrectly. For ex: Host A is receiving >> traffic >> from Host B, GUI displays, Host A is sending traffic and acting as >> server, >> which means, biflowDirection field is ignored. Also TX and RX packets >> counts >> are reversed. >> >> Please let me know, if Biflow template is supported in nprobe + >> ntopng. >> >> Thanks >> Rahul >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> > > -- > /* > * Arianna Avanzini > * [email protected] > * http://ava.webhop.me > */ > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
cflow.pcap
Description: application/vnd.tcpdump.pcap
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
