Hello, I am using nfdump from within nfsen (1.3.6p1), but I am showing here the produced nfdump query:
When we do Stat TopN (e.g. from a particular src address) to identify destination ports sorted by flows, then the query becomes (example):

** nfdump -M /data/nfsen/profiles-data/live/thi -T -R 2016/10/23/nfcapd.201610232235:2016/10/23/nfcapd.201610232240 -n 50 -s dstport/flows
nfdump filter: (( ident thi) and (OUT IF 32) or ( ident thi) and (IN IF 32)) and ( src ip 194.177.194.192 )

This produces a result like:

Top 50 Dst Port ordered by flows:
Date first seen          Duration Proto  Dst Port   Flows(%)  Packets(%)    Bytes(%)   pps     bps  bpp
2016-10-23 22:35:36.080   388.864 any         778   12(80.0)    12(44.4)   868(33.9)     0      17   72
2016-10-23 22:38:40.336     0.140 any       52974    1( 6.7)     5(18.5)   563(22.0)    35   32171  112
2016-10-23 22:41:24.812     0.012 any       51310    1( 6.7)     5(18.5)   563(22.0)   416  375333  112
2016-10-23 22:35:24.780     0.008 any       51187    1( 6.7)     5(18.5)   563(22.0)   625  563000  112

Summary: total flows: 15, total bytes: 2557, total packets: 27, avg bps: 51, avg pps: 0, avg bpp: 94
Time window: 2016-10-23 22:30:00 - 2016-10-23 22:44:58
Total flows processed: 37123, Blocks skipped: 0, Bytes read: 2376128
Sys: 0.009s flows/second: 3713042.6 Wall: 0.007s flows/second: 5007148.6

I would like to request that this output report include the Protocol info. For example, above the first entry should be ICMP and the last three should be TCP.

The same of course should be done for all similar reports, e.g. when producing stats for Any IP Address, Dst IP Address, Src Port, etc.

Currently such info is not displayed and that causes the need for additional queries to identify protocols for statistical (Stat TopN) data.

I am posting this to the nfdump mailing list, thinking the issue is related to it. If you think it should rather be posted to the nfsen mailing list, please let me know.

Thanks,
Nick

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
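
An added example, not part of the original post and not nfdump or nfsen code: it rebuilds the requested TopN report keyed on protocol and destination port from per-flow records. The column names pr, dp, ipkt and ibyt are assumed to match nfdump's csv output, the sample rows are constructed, and the ICMP decoding assumes the destination port field holds type*256+code (so 778 reads as type 3, code 10).

```python
import csv
import io
from collections import defaultdict

# Constructed sample, not captured traffic. Column names are an assumption.
SAMPLE_CSV = """sa,da,sp,dp,pr,ipkt,ibyt
192.0.2.10,198.51.100.1,0,778,ICMP,1,72
192.0.2.10,198.51.100.2,0,3.10,ICMP,1,72
192.0.2.10,198.51.100.3,0,778,ICMP,1,76
192.0.2.10,198.51.100.4,443,52974,TCP,5,563
192.0.2.10,198.51.100.4,443,51310,TCP,5,563
192.0.2.10,198.51.100.5,53,52974,UDP,1,120
Summary,this line is not a flow record
"""

ICMP_PROTOS = {"ICMP", "ICMP6", "1", "58"}


def port_key(proto, dp):
    """Return (proto, port); for ICMP the port is decoded to 'type.code'."""
    proto = proto.strip().upper()
    dp = dp.strip()
    if proto in ICMP_PROTOS:
        if "." in dp:  # already rendered as type.code
            icmp_type, icmp_code = (int(x) for x in dp.split("."))
        else:          # packed as type*256+code
            icmp_type, icmp_code = divmod(int(dp), 256)
        return proto, f"{icmp_type}.{icmp_code}"
    return proto, str(int(dp))


def top_dst_ports(csv_text, n=50):
    """Top-n (proto, dst port, flows, packets, bytes), ordered by flows."""
    totals = defaultdict(lambda: [0, 0, 0])
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            key = port_key(row["pr"], row["dp"])
            pkts, byts = int(row["ipkt"]), int(row["ibyt"])
        except (KeyError, TypeError, ValueError, AttributeError):
            continue  # skip summary lines and malformed rows
        entry = totals[key]
        entry[0] += 1
        entry[1] += pkts
        entry[2] += byts
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][0], -kv[1][2], kv[0]))
    return [(proto, port, *counts) for (proto, port), counts in ranked[:n]]


if __name__ == "__main__":
    for proto, port, flows, pkts, byts in top_dst_ports(SAMPLE_CSV):
        print(f"{proto:<6}{port:>8}{flows:>8}{pkts:>9}{byts:>9}")
```

Keeping the protocol in the key also stops TCP and UDP flows to the same port number from being merged into one row.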