On 08/10/2014 11:15, Borja Marcos wrote:
Quite, what values are sent are set in the Netflow record, so it may be specific to the device that is exporting to the collector and how far it supports Netflow record format! I only see tos from 0-7, so I assumed that it was doing a pseudo-cos type conversion in Nfsen, but it's probably the exporter that is doing that....On Oct 8, 2014, at 12:05 PM, Oliver Lagni wrote:Hi Giles, Thanks for your help. Actually TOS values on NFSEN are from 1 to 255 so I guess I could filter with same decimal value of DSCP, but it's not. The only TOS filter that works is TOS 0 ;) At the moment I'm using this filter: tos 0xb8 or tos 184 or tos 5 but I can't see anything.It is working for me, seeing best effort at tos=0 and making tos comparisons. Check your flows source, maybe it's not sending the information properly, my flows come from Juniper M and MX routers.
-- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7584 634135 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
