Hi Paul, It looks to me ok. The filter does not matter. Your statistics is about interfaces. The same traffic flows through two interface - in/out. The stat counts each interface individually and therefore counts twice the numbers in the summary.
Hope that helps - Peter On 08/10/14 17:40, Wefel, Paul wrote: > Hello all, > > I searched the archives for this issue and found references to byte total > discrepancies but I didn’t find anything like what I am seeing. > With this query, the returned bytes and packet count summary is exactly half > of the total of the returned flows. > I have tried this on nfdump 1.6.12 and 1.6.10 with the same result. I > suspect something in the query may be wrong and I’m not seeing it. > Anyone have any ideas? Thanks. > > nfdump -M /a/flowdata/exit_east/2014/07 -R . -N -s if/bytes '((port = 5001) > and (IF 735 or IF 736 or IF 737 or IF 738 or IF 739 or IF 740 or IF 741 or IF > 742))' > > > Top 10 In/Out If ordered by bytes: > Date first seen Duration Proto In/Out If Flows(%) > Packets(%) Bytes(%) pps bps bpp > 2014-07-01 03:02:58.859 2505970.212 any 642 21(58.3) > 19919550(68.1) 114895526933(61.4) 7 366789 5767 > 2014-07-01 03:02:58.859 2442523.524 any 635 15(41.7) > 9316049(31.9) 72199731206(38.6) 3 236475 7750 > 2014-07-08 19:09:55.257 1843153.814 any 739 13(36.1) > 8605194(29.4) 55251361230(29.5) 4 239812 6420 > 2014-07-02 02:06:21.216 1357925.591 any 737 6(16.7) > 8405002(28.7) 53630047936(28.7) 6 315952 6380 > 2014-07-06 02:52:57.297 1466902.533 any 736 7(19.4) > 6845484(23.4) 43987579560(23.5) 4 239893 6425 > 2014-07-05 10:41:26.015 2069416.368 any 740 8(22.2) > 5102322(17.5) 32474238205(17.4) 2 125539 6364 > 2014-07-01 03:02:58.859 30.330 any 735 2( 5.6) > 277597( 0.9) 1752031208( 0.9) 9152 462124947 6311 > > Summary: total flows: 36, total bytes: 187095258139, total packets: 29235599, > avg bps: 597278, avg pps: 11, avg bpp: 6399 > Time window: 2014-05-12 19:30:50 - 2014-08-22 18:14:33 > Total flows processed: 1403144094, Blocks skipped: 0, Bytes read: 95420264796 > Sys: 223.963s flows/second: 6265044.5 Wall: 680.974s flows/second: 2060493.6 > > -paul > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Nfdump-discuss mailing list > Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
