Does the Mikrotik traffic-flow / netflow correctly implement netflow? Reason I ask is there seems to be a disconnect between souce traffic and destination traffic. For example if you have one interface that sees _all_ traffic it ether1 and ip is 10.5.5.5 the customer ip address is 192.168.1.1 ether2 there is no nat on the router etc., it just a router. Now run torch on ether1 you get 1/2 the traffic be it source or destination 192.168.1.1. Run torch on ether2 be it source or destination you get the other half of the traffic. netflow / traffic-flow and torch will not report both sides of the conversation between 192.168.1.1 and anything else. For every inbound response to a data query there is an outbound response that should show on that interface because it is a <two direction> conversation.
It appears to me that Mikrotik netflow is not doing this correctly or it is a bungled implementation. Thoughts? Jerry Allen Vistabeam _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
