Looks like your routers are not including the AS information in the Netflow packet. What is your router configuration? For some cisco you need 'ip flow-export version 5 origin-as¹ I think it is as opposed to peer-as. I¹d be checking the flow data first to confirm you are actually seeing AS information in the packets and if not, work backwards from there; otherwise, if the data is in the packet you might need to be checking something different. Have you tried srcas, nextas , prevas for the sake of troubleshooting?
Mark From: geebs <gwe...@gmail.com> Date: Tuesday, 12 August 2014 12:17 pm To: "nfsen-discuss@lists.sourceforge.net" <nfsen-discuss@lists.sourceforge.net> Subject: [Nfsen-discuss] DST AS 0 - no other AS listed Hello, I'm trying to get a list of my networks top destination AS's. However I'm not getting far, I'm sure it's something I'm not seeing. All my routers are exporting v5 netflow correctly. All I see is 100% of traffic to AS 0 ??? Here's the response I get; ** nfdump -M /storage/nfsen/profiles-data/live/core2-bri:edge1-syd:edge2-mel:core2-mel:ed ge1-mel:core1-bri:core1-mel:core1-per:edge2-syd:edge1-bri:core1-syd:core2-pe r:core2-syd:edge1-per -T -r 2014/08/12/nfcapd.201408120000 -n 10 -s dstas/flows nfdump filter: any Top 10 Dst AS ordered by flows: Date first seen Duration Proto Dst AS Flows(%) Packets(%) Bytes(%) pps bps bpp 2014-08-11 23:54:58.720 600.031 any 0 270445(100.0) 6.0 M(100.0) 3.4 G(100.0) 9953 45.6 M 573 Summary: total flows: 270445, total bytes: 3.4 G, total packets: 6.0 M, avg bps: 45.6 M, avg pps: 9953, avg bpp: 573 Time window: 2014-08-11 23:54:58 - 2014-08-12 00:04:58 Total flows processed: 270445, Blocks skipped: 0, Bytes read: 14063784 Sys: 0.100s flows/second: 2704314.8 Wall: 0.099s flows/second: 2728460.5 Thanks for your time.
------------------------------------------------------------------------------
_______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
