[Flow-tools] NetFlow v9 support in flow-tools?

A colleague of mine mentioned the other day that he heard someone had updated flow-tools to support NetFlow v9. Truth? I can¹t find anything about such support. -- Adam Powers NetFlow Ninja & CTO Lancope, Inc. c. 678.725.1028 e. apow...@lancope

Re: [Flow-tools] Why the tcp flag is zero?

t and run it as follows: > ./flow-print -f1< netflowdata > > Does anyone can help me?Thanks very much. > Best wishes to all > > > lijian > 2007-08-03 > > > ___ > Flow-tools mailing list > [EMAIL PROT

Re: [Flow-tools] trouble with flow-fanout (spoofed ifindex?)

You're best bet is UDP Samplicator. I've used it extensively for replicating NetFlow, sFlow, and syslog. Preserves the source IP and provides a relatively simple configuration file format. http://freshmeat.net/projects/samplicator/ - Adam On 8/22/06 10:08 PM, "jay alvarez" <[EMAIL PROTECTED]> wr

Re: [Flow-tools] Strange behaviour

ef: 976.761.000 ext 3266 -- ___ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam  Powers Director of Technology Lancope, Inc. c

Re: [Flow-tools] 5 VS 7

> ********* > ___ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam Powers Director of Technology Lancope, Inc. c. 678.725.1028 e. [EMAIL PROTECTED] ___ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools

Re: [Flow-tools] Strange netflow-data !?

ething. > > Mike > _______ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam Powers Director of Technology Lancope, Inc. c. 678.725.1028 e. [EMAIL PROTECTED] ___ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools

Re: [Flow-tools] Protocol 0

.2(18)SXD4 Platform: WS-C6509-E Will advise if a reboot clears the condition. On 9/7/05 12:30 AM, "Mike Hunter" <[EMAIL PROTECTED]> wrote: > On Sep 06, "Adam Powers" wrote: > >> So what did we decide? >> >> 1. That there are likely NetFlow cachin

Re: [Flow-tools] Protocol 0

PROTO == 0 but is characterized by other null fields such as TCP, TOS, and SRC/DST L4 port. Gotta love this NetFlow stuff at times. On 9/6/05 5:08 PM, "Mike Hunter" <[EMAIL PROTECTED]> wrote: > On Sep 05, "Vladimir Kotal" wrote: > >> On Thu, Sep 01,

Re: [Flow-tools] Protocol 0

m to recall that 0.0.0.0 was used as an address for > routing continuation fragments, so the original SIP and DIP would be in a > previous flow... > > > ___ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/m

Re: [Flow-tools] Protocol 0

; v. > > ___ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam Powers Director of Technology Lancope, Inc. c. 678.725.1028 e. [EMAIL PROTECTED] _

Re: [Flow-tools] Big Bandwidth

10K flows per second is a lot. I've seen environments that push 15K but not many. On 7/22/05 5:18 AM, "Peter Valdemar Mørch" <[EMAIL PROTECTED]> wrote: > doof wrote: >> I use flow-capture/flowscan to make bandwidth graph with rrdtool. Since >> one week, i have a big problem. I have too much dat

Re: [Flow-tools] Is 800 flows / person / hour typical for office users? What are you seeing?

PROTECTED]> wrote: > Thanks for your responses! > > Adam Powers apowers-at-lancope.com |Lists| wrote: >> Yeah, and your timeouts have a pretty significant impact as well. What are >> you using? > > NAT (or rather, PAT) translations time out after 3 hours, while TCP >

Re: [Flow-tools] Is 800 flows / person / hour typical for office users? What are you seeing?

s (the C*O guys love those > things), NTP updates many desktops auto configure and everything > else, that level of traffic is easy to imagine. > > Unless your company has strict rules about web access, and employees > have no "work related" reason to be using web

Re: [Flow-tools] Strange Router Export Issue

ter NOC AS 25933     - Original Message - From:  Robert S.  Galloway     To: 'Adam Powers'  ; [EMAIL PROTECTED] ; [EMAIL PROTECTED] ; [EMAIL PROTECTED]   Sent: Friday, May 20, 2005 1:11 PM   Subject: RE: [Flow-tools] Strange Router  Export Issue       There are definitely  very few i

Re: [Flow-tools] Strange Router Export Issue

ive timeout at 1 minute. Is there any way to increase the available cache?   Robert "You have enemies? Good. That means you've stood up for something, some time in your life." -- Winston Churchill       From: Adam Powers [mailto:[EMAIL PROTECTED] Sent: Thursday, May 19, 2005

Re: [Flow-tools] Strange Router Export Issue

ood up for something, some time in your life." -- Winston Churchill       ___ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam  Powers Director of Technology Lancope, Inc. c. 678.725

Re: [Flow-tools] network address in nexthop flow-stat

k en hoeft niet noodzakelijk over een te komen met die van > # Enertel. Enertel is niet aansprakelijk voor de inhoud van dit > # e-mailbericht en eventuele attachments. > > > ___ > Flow-tools mailing list > [EMAIL PROTECTED] >

Re: Re[2]: [Flow-tools] port 0

7144 524757 >>> 31889 1800 21081243 50199 >>> 3905101 20985596 19102 >>> >>> As you can see, most of the traffic is generated with lower number of >>> sessions >>&g

Re: [Flow-tools] port 0

ould like to know exactly what > this traffic is, why is the majority of traffic lumped into "port 0"? > > TIA, > > Dustin > > > _______ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailma

Re: [Flow-tools] port 0

stin > > > ___ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam Powers Senior Security Engineer Advanced Technology Group c. 678.725.1028 o. 770.