Port 0 flows usually result from fragmented IP datagrams.
On 2/2/05 12:21 PM, "Dustin" <[EMAIL PROTECTED]> wrote: > Hello, > > This may have been discussed, but I don't find any results in the archives. > > We are troubleshooting some performance issues, have Cisco routers, and just > started using flow-tools to capture data. I've issued flowstat with the > following args: > > flow-stat -f5 -p -S2 > > # port flows octets packets > # > 0 425 68968722 51238 > 445 10886 51125320 372789 > 1494 710 26667144 524757 > 31889 1800 21081243 50199 > 3905 101 20985596 19102 > > As you can see, most of the traffic is generated with lower number of sessions > & packets, but w/ higher amount of data. We would like to know exactly what > this traffic is, why is the majority of traffic lumped into "port 0"? > > TIA, > > Dustin > > > _______________________________________________ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools -- Adam Powers Senior Security Engineer Advanced Technology Group c. 678.725.1028 o. 770.225.6521 f. 770.225.6501 e. [EMAIL PROTECTED] AOL IM: adampowers22 StealthWatch by Lancope - Security through network intelligence� _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
