Hello everyone,

I am a newly joined intern at DANTE, Cambridge, UK, currently working with the latest snapshot of nfsen (20070312) and nfdump. I have a few doubts about using nfdump at the command prompt in the Linux shell.
When I use the command

    ./nfdump -M /opt/flowdata/netflow/nfdump-sen/raw/live/lux_lu:kau_lt:rig_lv:tik_il:lis_pt:gen_ch:bud_hu:poz_pl:tal_ee:fra_de:vie_at:mil_it:nyc_us:cop_dk:ath_gr:dub_ie:par_fr:mos_ru:lon_uk:mad_es:pra_cz:ams_nl -T -r nfcapd.200706242230 -o line -n 10 -s record/flows

the result shown on the screen is:

    *Aggregated flows 296126*
    Top 10 flows ordered by flows:
    Date flow start          Duration Proto  Src IP Addr:Port          Dst IP Addr:Port      Packets    Bytes Flows
    2007-06-24 22:28:49.805   330.457 TCP    xxx.xxx.110.245:1077  ->  xxx.xx.6.60:443            30     2444    12
    2007-06-24 22:28:33.248   352.101 TCP    xxx.xxx.207.120:41734 ->  xxx.xxx.25.153:20000       66    91054    11
    2007-06-24 22:28:31.244   341.958 TCP    xxx.xxx.192.120:59389 ->  xx.xxx.100.106:119         36    52595    11
    2007-06-24 22:28:13.430   354.964 TCP    xxx.xx.154.233:24938  ->  xxx.xxx.166.136:2109       57     2510    11
    2007-06-24 22:28:34.171   355.478 TCP    xxx.xx.192.120:56812  ->  xx.xxx.71.23:119           32    46773    11
    2007-06-24 22:28:40.688   348.614 TCP    xxx.xxx.192.120:61519 ->  xx.xxx.71.200:119          26    39000    11
    2007-06-24 22:29:07.344   282.258 TCP    xxx.xxx.65.202:20     ->  xxx.xx.112.50:1336         28    39408    10
    2007-06-24 22:29:30.001   272.803 TCP    xxx.xx.55.199:1280    ->  xxx.xxx.79.31:1557         18    14446    10
    2007-06-24 22:28:54.214   294.962 TCP    xxx.xx.247.87:873     ->  xxx.xxx.15.26:53277       201   282052    10
    2007-06-24 22:29:27.000   271.957 TCP    xx.xx.30.1:2018       ->  xx.xxx.81.212:34560        26    33450    10
    Summary: *total flows: 446209*, total bytes: 482.0 M, total packets: 724449, avg bps: 9.5 M, avg pps: 1791, avg bpp: 697
    Time window: 2007-06-24 22:28:10 - 2007-06-24 22:34:54
    *Total flows processed: 446209*, skipped: 0, Bytes read: 23203348
    Sys: 0.327s flows/second: 1360604.9 Wall: 2.152s flows/second: 207320.5

My first question is: what is the difference between the aggregated flows, the total flows, and the total flows processed?

My second question is: can you explain to me the difference between using -c and -n as options in the nfdump command? I ask because the descriptions of both options in the help manual are not clear to me.

Cheers,
Shiv

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss