Hi there, So I'm just playing around with my first 36 hours worth of data and I'm seeing some stuff that looks sort of off:
** nfdump -M /opt/nfsen/profiles-data/live/bfr01-hudson:bfr01-mowat:bfr01-front -T -R 2013/01/02/nfcapd.201301022305:2013/01/04/nfcapd.201301041055 -n 10 -s as/bps nfdump filter: any Top 10 AS ordered by bps: Date first seen Duration Proto AS Flows(%) Packets(%) Bytes(%) pps bps bpp 2013-01-02 22:39:46.290 130797.681 any 0 21.1 M(85.9) 42.2 G(87.5) 30.0 T(88.5) 322585 1.8 G 710 2013-01-03 10:10:43.424 0.016 any 30513 2( 0.0) 2000( 0.0) 3.0 M( 0.0) 125000 1.5 G 1500 2013-01-03 08:53:20.734 0.015 any 37957 2( 0.0) 2000( 0.0) 1.5 M( 0.0) 133333 810.7 M 760 2013-01-04 10:23:02.606 0.017 any 35414 2( 0.0) 2000( 0.0) 1.5 M( 0.0) 117647 727.5 M 773 2013-01-03 14:25:51.067 0.017 any 33428 2( 0.0) 2000( 0.0) 1.5 M( 0.0) 117647 692.7 M 736 2013-01-03 13:37:35.176 0.039 any 46676 1( 0.0) 2000( 0.0) 2.8 M( 0.0) 51282 582.6 M 1420 2013-01-04 00:43:04.529 0.048 any 15347 1( 0.0) 2000( 0.0) 2.8 M( 0.0) 41666 473.3 M 1420 2013-01-03 15:58:33.535 0.077 any 47045 1( 0.0) 3000( 0.0) 4.3 M( 0.0) 38961 442.6 M 1420 2013-01-02 23:02:16.952 129445.016 any 22822 4.0 M(16.2) 8.9 G(18.5) 6.4 T(19.0) 68835 398.2 M 723 2013-01-03 14:52:54.865 0.031 any 19354 2( 0.0) 2000( 0.0) 1.5 M( 0.0) 64516 379.9 M 736 Summary: total flows: 24583165, total bytes: 33.9 T, total packets: 48.2 G, avg bps: 2.1 G, avg pps: 368688, avg bpp: 702 Time window: 2013-01-02 22:39:34 - 2013-01-04 10:59:43 Total flows processed: 24583165, Blocks skipped: 0, Bytes read: 2261849088 Sys: 8.970s flows/second: 2740403.8 Wall: 10.563s flows/second: 2327242.5 Lines 1 and 9 seem OK, but lines 2-8,10 look really weird; the math just doesn't add up. If I filter specifically on AS 30513: ** nfdump -M /opt/nfsen/profiles-data/live/bfr01-hudson:bfr01-mowat:bfr01-front -T -R 2013/01/02/nfcapd.201301022305:2013/01/04/nfcapd.201301041055 -n 10 -s as/bps nfdump filter: AS 30513 Top 10 AS ordered by bps: Date first seen Duration Proto AS Flows(%) Packets(%) Bytes(%) pps bps bpp 2013-01-03 10:10:43.424 0.016 any 0 2(100.0) 2000(100.0) 3.0 M(100.0) 125000 1.5 G 1500 2013-01-03 10:10:43.424 0.016 any 30513 2(100.0) 2000(100.0) 3.0 M(100.0) 125000 1.5 G 1500 Summary: total flows: 2, total bytes: 3.0 M, total packets: 2000, avg bps: 1.5 G, avg pps: 125000, avg bpp: 1500 Time window: 2013-01-02 22:39:34 - 2013-01-04 10:59:43 Total flows processed: 24583165, Blocks skipped: 0, Bytes read: 2261849088 Sys: 7.574s flows/second: 3245367.9 Wall: 8.594s flows/second: 2860278.3 I have no idea how to even begin going about troubleshooting this, so any thoughts are welcomed. Thanks again in advance. ------------------------------------------------------------------------------ Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
