[Flow-tools] Re: Question regarding flow time distribution

Wed, 06 Aug 2008 13:30:55 -0700 

Hi Adrian,

I really haven't dealt with that portion of the Summary report before. I 
have included the flow time section from a summary report of one of my 
routers below.

Flow time distribution:
    10    50  100  200  500 1000 2000 3000 4000 5000 6000 7000 8000 9000 
10000
   .121 .009 .106 .149 .226 .195 .071 .037 .020 .013 .011 .008 .005 .004 
.003 

  12000 14000 16000 18000 20000 22000 24000 26000 28000 30000 >30000
   .004  .002  .001  .000  .000  .001  .000  .000  .000  .000  .014 

As you can see most of mine (about 92%) are below 3 seconds (if that's the 
correct interpretation - but it makes sense to me.)

Now, if 73% of your flows are more than 30 secs, I would take a look at 
your netflow configuration. Or you may have a lot of long flows (FTPs, 
etc.)

Since FlowViewer simply relays the output of flow-tools, I've taken the 
liberty of posting this to the flow-tools mailing list where maybe someone 
can confirm it for you.

Joe




"Huber Adrian    TRAIL" <[EMAIL PROTECTED]> 
08/06/2008 03:38 PM

To
Joe Loiacono/CIV/[EMAIL PROTECTED]
cc

Subject
Question regarding FlowViewer






Hello!
            I’ve been spending some part of my morning trying to figure 
this one out, but I have not much success…
I’m trying to figure out how to interpret the ‘Flow Times Distribution” 
field in the FlowViewer Summary report. I understand that Cisco uses this 
format, where the top number indicates the range, and the value below it 
indicates the percentage of packets (or octets) of that sample fall into 
that range…
 
Ie: 
Flow time distribution:
    10    50  100  200  500 1000 2000 3000 4000 5000 6000 7000 8000 9000 
10000
   .120 .000 .000 .016 .002 .000 .022 .004 .024 .004 .000 .006 .000 .004 
.010 
 
  12000 14000 16000 18000 20000 22000 24000 26000 28000 30000 >30000
   .012  .030  .002  .000  .000  .000  .000  .002  .004  .000  .737 
 
Now what I’m trying to figure out is what do these ranges indicate??? Are 
we talking milliseconds, seconds, etc????
 
I’m assuming that %73.7 of my traffic had flow times in excess of 30 
seconds… Are my interpretations correct?
 
Thanks in advance.
 
Thank you, 
 
Adrian G. Huber, CCNA, N+, ATHC
Network Analyst
(250) 364 4805
Teck Cominco Metals Ltd.
25 Aldridge Ave
Trail, BC V1R  3T8
 


_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools

Reply via email to