Hello,

we have noticed a strange behavior of the NfSen 1.3.5 (NFDUMP 1.6.2) when displaying aggregated data. When we were for example aggregating by src ip, then the src port, the dst ip and the dst port were set to zero and one could easily see where the aggregation was taking place (NfSen 1.3.2/NFDUMP 1.5.8). Now it seems that these fields are set to values found in one of the flows the traffic was aggregated from, which is very confusing, because it gives an impression that it was only these ips and these ports exchanging data.

Example
-------

Traffic, no aggregation:

    Src IP Addr:Port         Dst IP Addr:Port
    192.168.0.1:50403   ->   192.168.0.2:80
    192.168.0.1:50405   ->   192.168.0.2:443

Traffic, aggregation by src ip

    Src IP Addr:Port         Dst IP Addr:Port
    192.168.0.1:50403   ->   192.168.0.2:80

Now it looks like the only connection is on the port 80.

As we have not found any mention about this in the changelog, we suspect it is a bug. Would it be possible to fix it and revert it to previous behavior?

Thanks in advance.

Best regards

Tomas

-- 
Tomas Plesnik
[email protected]
CSIRT-MU, Network Security Department
http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP key ID: 0x9D3722F3

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
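
The two display behaviours described in the report above, modelled in Python as an added example (it is not part of the original message and is not nfdump's code). The field names, the `flows` counter and the function names are assumptions; the sample data is the two flows from the report.

```python
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port")

# Constructed sample: the two flows shown in the report.
FLOWS = [
    {"src_ip": "192.168.0.1", "src_port": 50403, "dst_ip": "192.168.0.2", "dst_port": 80},
    {"src_ip": "192.168.0.1", "src_port": 50405, "dst_ip": "192.168.0.2", "dst_port": 443},
]


def _blank(field):
    """Placeholder value for a field that is not part of the aggregation key."""
    return "0.0.0.0" if field.endswith("_ip") else 0


def _key(flow, key_fields):
    unknown = set(key_fields) - set(FIELDS)
    if unknown:
        raise ValueError("unknown aggregation field(s): %s" % sorted(unknown))
    return tuple(flow[f] for f in key_fields)


def aggregate(flows, key_fields, zero_non_key=True):
    """Group flows by key_fields and return one record per group.

    zero_non_key=True  blanks every non-key field (the older behaviour described).
    zero_non_key=False copies non-key fields from the first flow of the group
                       (the newer behaviour described).
    """
    groups = {}
    for flow in flows:
        key = _key(flow, key_fields)
        if key not in groups:
            groups[key] = {f: flow[f] if (f in key_fields or not zero_non_key)
                           else _blank(f) for f in FIELDS}
            groups[key]["flows"] = 0
        groups[key]["flows"] += 1
    return list(groups.values())


def misleading_fields(flows, key_fields):
    """Non-key fields that took more than one value inside a group, i.e. the
    columns whose single displayed value does not represent the whole group."""
    seen = {}
    for flow in flows:
        key = _key(flow, key_fields)
        for f in FIELDS:
            if f not in key_fields:
                seen.setdefault((key, f), set()).add(flow[f])
    return sorted({f for (_, f), values in seen.items() if len(values) > 1})
```

With the sample data, `misleading_fields(FLOWS, ["src_ip"])` names the two port columns, which are exactly the ones the first-flow output presents as if they were the only values seen.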
