Hello,
I am trying to interpreting NetFlow data on a network captured by
flow-tools. I do not have access to the routers and the
flow-export/capture sampling and filtering. However, I know the sampling
rate is 1/1000. As I know flow records are unidirectional, and for a TCP
request flow there should be a response record. The problem is, I can
only see one TCP flow for a TCP session (from a source to a
destination), and there is no response flow record for any of the TCP
flows.
Does anyone know why is that, and how it works, is it because of the
sampling/filtering pre-process?
thx,
H.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
