On 06.07.2018 at 13:19, Jens Hektor wrote:
> I withdraw the below.
>
> My assumption is wrong, I made another profile
> where the sources are separated and the graph is still buggy.
>
> So next guess is interaction between "yaf" and "nfcapd"
> or "yaf".
>
> As the support for "yaf" is a bit experimental
> and was realized in private emails with Peter
> I guess it's the first.
>
> I will switch for some time to "pmacctd" for the conversion
> from SPAN to flow and report back.

With "pmacctd" (1.7.1) this problem of wrongly counted traffic is gone.

So: yaf (2.10) and nfsen are still a not-so-good combination.

There is one positive with pmacctd: there are TCP flags.
There is one drawback: no ICMP type/code data.

Generally: I am referring here to NetFlow v9.

Background: our Cisco Nexus 7700 with M3 cards only have sampled NetFlow,
so we are generating flows from the SPAN ports.

-- 
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss