[Nfsen-discuss] NfSen and IPFIX

Alexandro Marcelo Zacaron Mon, 14 Jan 2013 18:31:28 -0800

Hi list,

I could not solve yet the problem with NfSen and IPFIX using sw Extreme.


What leaves me puzzled is the same sw send sFlow flows that is right, but
the IPFIX flows the some fields is wrong, like date.


Below list of flows sFlow: (date it's ok)
=================================

** nfdump -M /usr/local/nfsen/profiles-data/live/sw-DC-sFlow  -T  -r
2012/11/14/nfcapd.201211141050 -n 10 -s ip/flows
nfdump filter:
any
Top 10 IP Addr ordered by flows:
Date first seen          Duration Proto           IP Addr    Flows(%)
   Packets(%)       Bytes(%)         pps      bps   bpp
2012-11-14 10:50:01.115   298.814 any        189.90.67.48
<http://189.90.66.70/nfsen/nfsen.php#null>      896(48.9)
229376(48.9)   76.7 M(33.4)      767    2.1 M   334
2012-11-14 10:50:01.115   298.814 any        189.90.65.11
<http://189.90.66.70/nfsen/nfsen.php#null>      879(48.0)
225024(48.0)  147.4 M(64.2)      753    3.9 M   655
2012-11-14 10:50:01.115   298.814 any        172.31.66.52
<http://189.90.66.70/nfsen/nfsen.php#null>      771(42.1)
197376(42.1)   66.7 M(29.0)      660    1.8 M   338
2012-11-14 10:52:10.180   128.212 any         10.90.66.77
<http://189.90.66.70/nfsen/nfsen.php#null>      138( 7.5)    35328(
7.5)   34.9 M(15.2)      275    2.2 M   988
2012-11-14 10:50:01.115   294.230 any        10.90.67.189
<http://189.90.66.70/nfsen/nfsen.php#null>      137( 7.5)    35072(
7.5)    8.0 M( 3.5)      119   216841   227
2012-11-14 10:50:03.098   295.822 any        172.31.66.51
<http://189.90.66.70/nfsen/nfsen.php#null>      128( 7.0)    32768(
7.0)   10.1 M( 4.4)      110   272028   306
2012-11-14 10:54:00.573    59.356 any         10.90.66.84
<http://189.90.66.70/nfsen/nfsen.php#null>      107( 5.8)    27392(
5.8)   25.3 M(11.0)      461    3.4 M   923
2012-11-14 10:50:01.115   293.229 any        10.90.67.241
<http://189.90.66.70/nfsen/nfsen.php#null>      100( 5.5)    25600(
5.5)   24.9 M(10.8)       87   678301   971
2012-11-14 10:50:03.888   293.002 any        10.90.67.161
<http://189.90.66.70/nfsen/nfsen.php#null>       89( 4.9)    22784(
4.9)    8.2 M( 3.6)       77   222797   358
2012-11-14 10:50:03.098   289.229 any        10.90.67.190
<http://189.90.66.70/nfsen/nfsen.php#null>       73( 4.0)    18688(
4.0)    5.2 M( 2.3)       64   143834   278




Below list of flows IPFIX (all same date):
=================================

** nfdump -M /usr/local/nfsen/profiles-data/live/sw-DC-IPFIX  -T  -r
2012/11/14/nfcapd.201211141050 -n 10 -s ip/flows
nfdump filter:
any
Top 10 IP Addr ordered by flows:
Date first seen          Duration Proto           IP Addr    Flows(%)
   Packets(%)       Bytes(%)         pps      bps   bpp
1969-12-31 21:00:00.000     0.000 any        189.90.65.11
<http://189.90.66.70/nfsen/nfsen.php#null>    27791(88.2)
223988(44.3)  139.2 M(61.4)        0        0   621
1969-12-31 21:00:00.000     0.000 any        10.90.67.189
<http://189.90.66.70/nfsen/nfsen.php#null>     8138(25.8)    29244(
5.8)    6.0 M( 2.7)        0        0   206
1969-12-31 21:00:00.000     0.000 any        10.90.67.161
<http://189.90.66.70/nfsen/nfsen.php#null>     6294(20.0)    24055(
4.8)    6.5 M( 2.9)        0        0   270
1969-12-31 21:00:00.000     0.000 any        10.90.67.190
<http://189.90.66.70/nfsen/nfsen.php#null>     5756(18.3)    20498(
4.1)    4.6 M( 2.0)        0        0   226
1969-12-31 21:00:00.000     0.000 any          10.90.66.8
<http://189.90.66.70/nfsen/nfsen.php#null>     1580( 5.0)     8523(
1.7)    3.8 M( 1.7)        0        0   448
1969-12-31 21:00:00.000     0.000 any        10.90.66.102
<http://189.90.66.70/nfsen/nfsen.php#null>     1517( 4.8)    15800(
3.1)    8.4 M( 3.7)        0        0   533
1969-12-31 21:00:00.000     0.000 any        10.90.66.129
<http://189.90.66.70/nfsen/nfsen.php#null>     1331( 4.2)     7701(
1.5)    3.3 M( 1.5)        0        0   432
1969-12-31 21:00:00.000     0.000 any        10.90.67.113
<http://189.90.66.70/nfsen/nfsen.php#null>     1144( 3.6)     7270(
1.4)    4.3 M( 1.9)        0        0   587
1969-12-31 21:00:00.000     0.000 any        10.90.66.125
<http://189.90.66.70/nfsen/nfsen.php#null>      792( 2.5)     4285(
0.8)    2.2 M( 1.0)        0        0   507
1969-12-31 21:00:00.000     0.000 any         10.90.66.77
<http://189.90.66.70/nfsen/nfsen.php#null>      530( 1.7)    35134(
6.9)   32.3 M(14.2)        0        0   918


Anybody have any idea for resolve this?


In wireshark is possible visualize the date/time correctly.



Thanks.

-- 
Alexandro Marcelo Zacaron
+55 45 9942 8561

------------------------------------------------------------------------------
Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

[Nfsen-discuss] NfSen and IPFIX

Reply via email to