Hi, I'm surely not on the right mailing list, but I think you have an answer for my question ;-)

I'm trying to write a small script, using flow-tools, to convert Netscreen syslog output into flows to analyse them with Netflow Analyser. But as I'm new to netflow, I have a problem... For example, if I connect to www.google.com I'll get the following line in my log:

Sep 27 09:19:53 (traffic): start_time="2007-09-27 09:18:50" duration=67 sent=3100 rcvd=10046 src=192.168.0.2 dst=64.233.183.104 src_port=1960 dst_port=80

I am missing the number of packets transmitted, but it's not really a problem (I just want to know which protocols are used on my network). The problem is that I get a number of sent octets AND a number of received octets. But in a flow there is only something like transmitted octets...

So this is my question: how does Netflow identify the In and Out traffic? Are there, for a TCP connection, 2 flows, one per direction? If so, how does Netflow identify that these 2 flows are for the same TCP connection?

Thanks in advance for your answer.

Best Regards
Julien Nury

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
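
Added example, not part of the original post: NetFlow records are unidirectional, so a session line carrying both sent and rcvd counters corresponds to two flow records, one per direction, which can be paired again by their shared endpoints. The Python below splits the quoted log line that way; the record field names, the `proto` default (the line has no protocol field) and the helper names are assumptions of this example, and writing the records in a format flow-tools can import is not shown.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log line quoted in the post above.
SAMPLE = ('Sep 27 09:19:53 (traffic): start_time="2007-09-27 09:18:50" '
          'duration=67 sent=3100 rcvd=10046 src=192.168.0.2 '
          'dst=64.233.183.104 src_port=1960 dst_port=80')

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"
REQUIRED = ("start_time", "duration", "sent", "rcvd",
            "src", "dst", "src_port", "dst_port")

def parse_session(line):
    """Return the key/value fields of one traffic line, or None if incomplete."""
    fields = {k: (q if q else v) for k, q, v in KV.findall(line)}
    if any(k not in fields for k in REQUIRED):
        return None
    return fields

def session_to_flows(line, proto=6):
    """Split one bidirectional session record into unidirectional flow records.

    proto is an assumption (6 = TCP): the sample line carries no protocol field.
    Malformed or incomplete lines yield an empty list instead of raising.
    """
    f = parse_session(line)
    if f is None:
        return []
    try:
        start = datetime.strptime(f["start_time"], "%Y-%m-%d %H:%M:%S")
        end = start + timedelta(seconds=int(f["duration"]))
        sport, dport = int(f["src_port"]), int(f["dst_port"])
        sent, rcvd = int(f["sent"]), int(f["rcvd"])
    except ValueError:
        return []
    common = {"first": start, "last": end, "proto": proto}
    forward = dict(common, srcaddr=f["src"], dstaddr=f["dst"],
                   srcport=sport, dstport=dport, octets=sent)
    reverse = dict(common, srcaddr=f["dst"], dstaddr=f["src"],
                   srcport=dport, dstport=sport, octets=rcvd)
    # A direction that carried no bytes produces no flow record.
    return [fl for fl in (forward, reverse) if fl["octets"] > 0]

def flow_key(fl):
    """Direction-independent key: both flows of one connection share it."""
    ends = sorted([(fl["srcaddr"], fl["srcport"]), (fl["dstaddr"], fl["dstport"])])
    return (fl["proto"], ends[0], ends[1])

if __name__ == "__main__":
    for flow in session_to_flows(SAMPLE):
        print(flow_key(flow), flow["srcaddr"], "->", flow["dstaddr"], flow["octets"])
```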
