RESOLVED.. 

 

Selecting the "List Flows" radio button gives the desired statistics and
the filters work as expected.

Selecting the "Stat TopN" radio button gives the wonky statistics I was
seeing.

 

Thanks to Adrian for the information, and thanks Peter for the detailed
explanation.  

 

________________________________

From: Adrian Popa [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 24, 2008 10:12 AM
To: Donnelly, Michael (OFT)
Cc: nfsen-discuss@lists.sourceforge.net
Subject: Re: [Nfsen-discuss] NFsen / Nfdump filter by duration question..?

 

The duration parameter is in milliseconds... Try duration < 1000.

On Wed, Sep 24, 2008 at 4:16 PM, Donnelly, Michael (OFT)
<[EMAIL PROTECTED]> wrote:

Looking to see a report of all "short" conversations by using the
Duration parameter in the filter expression. I get all duration sizes
in the results. Why doesn't this work?

Filter:  duration < 1

Result:

** nfdump -M /usr/local/nfsen/profiles-data/live/xxxxxx  -T  -r 2008/09/24/nfcapd.200809240845 -n 100 -s record/flows -o long
nfdump filter:
duration < 1
Aggregated flows 16725

Top 100 flows ordered by flows:
Date flow start          Duration Proto      Src IP Addr:Port      Dst
2008-09-24 08:45:26.556   220.003 TCP      xxx.xxx.236.75:443   -> <SNIP>
2008-09-24 08:45:26.720   219.979 TCP       xxx.xxx.172.6:64297 -> <SNIP>
2008-09-24 08:46:25.504   180.076 TCP      xxx.xxx.236.75:443   -> <SNIP>

Thanks!

   Mike D

