Dave You talked about calculating bps and pps. I can simply add this fields in a flow-report. So, why calculate it?
-----Mensagem original----- De: Dave Plonka [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 25 de setembro de 2007 10:57 Para: [email protected] Cc: Caio Brentano Assunto: Re: [Flow-tools] Newbie doubt On Mon, Sep 24, 2007 at 04:38:04PM -0300, Caio Brentano wrote: > Please, someone answer this stupid doubt. > > Any report have 3 basic values: packets, octets and flows. If I want to know > the traffic between 2 IP address, I must analyse the OCTETS value, right? If you want to estimate a traffic rate, in bits per second, yes. Packets per second and flows per second are also interesting, especially for appliation such as detecting anomalies such as denial-of-service attacks that are often invisible if you only consider bits per second. > This is the "amount of data" in each flow collect, right? Yes, at the IP level. So remember to account for layer-2 headers and such when considering link capacity. > What I have to calculate to get this data in Mbytes ? Apart from the octet bit that has already been followed-up... Remember that we measure bandwidth/utilization in bits/per second. and that while 1KByte = 1024 bytes, and 1MByte = 1024*1024 bytes, 1Kbit = 1000 bits, and 1Mbit = 1000*1000 bits. So, bits per second is calculated by totaling up byte values from flow records and multiplying by 8, then converting to a rate by dividing by the collection interval in seconds (ie. 300 = 5 mins). (We also multiple by the sample rate if packet sampling is used for the specific flow export implementation you're using.) To get the appropriate metrix prefix for the magnitude, I use a perl subroutine called "scale" based on Tobi Oetiker's code to convert to "M", "k", or whatever prefix is appropriate. Search for "sub scale" in here: http://net.doit.wisc.edu/~plonka/FlowScan/new/CampusIO.pm I'll admit some early versions of my code had a problem with using 1024 rather than 1000, as I incorrectly thought bits were measured like bytes (with power of 2 multipliers). Dave As an aside, "Networks: A Systems Approach" by Larry Peterson and Bruce Davie is a good book with side-bars about this and other such topics. -- [EMAIL PROTECTED] http://net.doit.wisc.edu/~plonka/ Madison, WI E-mail classificado pelo Identificador de Spam Inteligente Terra. Para alterar a categoria classificada, visite http://mail.terra.com.br/cgi-bin/imail.cgi?+_u=caio.b&_l=1,1190728615.266014 .1439.aldabra.terra.com.br,4226,Des15,Des15 Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 24/09/2007 / Versco: 5.1.00/5126 Proteja o seu e-mail Terra: http://mail.terra.com.br/ _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
