I cannot get nfdump to display the subnets and the raw nfdump output does not seem to include this information: Flow Record: Flags = 0x00 Unsampled size = 52 first = 1305017995 [2011-05-10 09:59:55] last = 1305017996 [2011-05-10 09:59:56] msec_first = 899 msec_last = 259 src addr = 192.168.228.87 dst addr = 192.168.21.37 src port = 36887 dst port = 80 fwd status = 0 tcp flags = 0x1e .APRS. proto = 6 (src)tos = 0 (in)packets = 7 (in)bytes = 2884 input = 173 output = 175 src as = 0 dst as = 0
/usr/local/bin/nfdump -M /data/nfcapd/flows/router -R 2011/05/10/nfcapd.201105100000:2011/05/10/nfcapd.201105102355 -n 5 -s mask:p/bps Top 5 Mask ordered by bps: Date first seen Duration Proto Mask Flows(%) Packets(%) Bytes(%) pps bps bpp 2011-05-09 23:58:56.717 86461.844 any 0 50.9 M(200.0) 1.7 G(200.0) 744.0 G(200.0) 19734 68.8 M 436 Summary: total flows: 25471290, total bytes: 372.0 G, total packets: 853.1 M, avg bps: 34.4 M, avg pps: 9867, avg bpp: 436 Time window: 2011-05-09 23:58:56 - 2011-05-10 23:59:58 Total flows processed: 25471290, Blocks skipped: 0, Bytes read: 1324528668 Sys: 3.330s flows/second: 7649036.0 Wall: 28.248s flows/second: 901670.8 We are using Netflow v5 is this information only included in a certain version of netflow packet? Looking at the docs for v5 it shows 44 src_mask Source address prefix mask bits 45 dst_mask Destination address prefix mask bits. Neale Guy Nexus System Developer | System development | NTT Europe Ltd. ICT Solutions<http://www.eu.ntt.com/en/products.html> | Web<http://www.eu.ntt.com/en/index.html> | News<http://www.eu.ntt.com/en/about-us/newsroom.html> [cid:[email protected]]<http://www.eu.ntt.com/en/index.html> ________________________________ This e-mail (and any attachments) contains information which is intended solely for the attention of the person to whom it has been sent. If you are not the intended recipient, you are not authorised to copy, distribute or use it for any purpose or disclose the contents to any person. If you have received this e-mail in error, please notify us immediately at [email protected] and delete this e-mail from your systems. NTT Europe makes no warranty that this message is error or virus free. Any comments or opinions expressed are those of the originator not of NTT Europe Ltd. unless otherwise expressly stated. NTT Europe Limited is a company registered in England and Wales with company number 2307625. Registered Address: 3rd Floor, Devon House, 58-60 St. Katharine's Way, London, E1W 1LB, UK.
<<inline: image001.gif>>
------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
