*2020-04-20 21:26:02.872 1546.520 UDP 200.41.181.78:1194 <-> 181.166.177.133:1194 0 213368 0 125.1 M 2*

This looks like a long-lasting openvpn session. You need to force your router to expire netflow data after at most 5 minutes, and you would get that flow segmented over different time slots.

On Tue, Apr 21, 2020 at 6:10 AM Roberto Carna <robertocarn...@gmail.com> wrote:

> I need to add that if I process a traffic request in a given simple
> timeslot, I always see a bidirectional flow with a big UDP traffic value
> corresponding to a different timeslot (in bold):
>
> Date first seen          Duration Proto Src IP Addr:Port         Dst IP Addr:Port     Out Pkt  In Pkt Out Byte  In Byte Flows
> 2020-04-20 21:51:44.796     0.000 UDP   200.63.169.126:47467 <-> 8.8.8.8:53                 0       2        0      162     2
> 2020-04-20 21:51:51.092     0.072 TCP   200.63.169.116:32431 <-> 104.104.17.152:443         0      22        0     6544     2
> 2020-04-20 21:51:52.544     0.000 UDP   200.63.169.126:44829 <-> 8.8.8.8:53                 0       2        0      162     2
> 2020-04-20 21:51:56.728     0.712 TCP   200.63.169.116:32432 <-> 52.55.59.20:443            0      18        0     5200     2
> 2020-04-20 21:52:11.996     0.000 UDP   200.41.181.76:24348  <-> 8.8.8.8:53                 0       2        0      140     2
> *2020-04-20 21:26:02.872 1546.520 UDP   200.41.181.78:1194   <-> 181.166.177.133:1194       0  213368        0  125.1 M     2*
> 2020-04-20 21:52:11.076     3.656 TCP   200.63.169.119:20002 <-> 200.70.32.2:8395           0      90        0    15242     2
> 2020-04-20 21:52:10.124     0.000 UDP   200.63.169.126:48249 <-> 8.8.8.8:53                 0       2        0      162     2
> 2020-04-20 21:51:50.992     0.000 UDP   200.63.169.126:51661 <-> 8.8.8.8:53                 0       2        0      162     2
> 2020-04-20 21:52:00.912     0.028 TCP   200.63.169.116:32231 <-> 172.217.172.67:443         0       8        0      742     2
> 2020-04-20 21:51:58.248     0.008 TCP   200.63.169.116:32407 <-> 104.20.90.238:443          0       4        0      238     2
>
> Why is this behaviour always present in the traffic requests??? Because nfsen
> traffic values are not real at all for a given timeslot.
>
> Thanks again !!!
>
> On Mon, Apr 20, 2020 at 23:11, Roberto Carna (<robertocarn...@gmail.com>) wrote:
>
>> Dear, I have nfsen installed in a Debian box. It works OK.
>>
>> I have an Internet link with an ISP which gives me two public IP blocks.
>>
>> So I've created a nfsen profile in order to measure the Internet link
>> traffic, in this way:
>>
>> Traffic IN: DST NET <block_1> OR DST NET <block_2>
>>
>> Traffic OUT: SRC NET <block_1> OR SRC NET <block_2>
>>
>> But the resulting traffic curve is not the same as the SNMP curve
>> obtained with my SNMP monitor software.
>>
>> Please can you tell me what can be wrong? Is it possible to obtain
>> similar traffic curves using nfsen and snmp?
>>
>> Special thanks !!!
>>
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
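
The effect of the active timeout described in the reply above, as an added example that is not part of the thread: it takes the OpenVPN flow from the quoted output and shows which 5-minute slots its bytes land in with and without a 300-second active timeout. Assumptions: the collector files each record in the slot in which it was exported, the byte rate is constant over the flow, "125.1 M" is read as 125.1e6 bytes, and all function names are hypothetical.

```python
from collections import defaultdict

SLOT = 300  # nfsen slot length in seconds (5 minutes)

def hms(ts):
    """Parse 'HH:MM:SS.mmm' into seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def export_records(start, duration, nbytes, active_timeout=None):
    """Return (export_time, bytes) records an exporter would emit for one flow.

    Assumption: constant byte rate. Without an active timeout a single record
    is emitted when the flow ends; with one, a record is emitted every
    `active_timeout` seconds while the flow is alive.
    """
    if not active_timeout or duration <= active_timeout:
        return [(start + duration, nbytes)]
    records, elapsed = [], 0.0
    while elapsed < duration:
        seg = min(active_timeout, duration - elapsed)
        elapsed += seg
        records.append((start + elapsed, nbytes * seg / duration))
    return records

def bytes_per_slot(records):
    """Sum bytes into the slot in which each record was exported (assumption)."""
    slots = defaultdict(float)
    for export_time, nbytes in records:
        t = int(export_time // SLOT) * SLOT
        slots[f"{t // 3600:02d}:{t % 3600 // 60:02d}"] += nbytes
    return dict(slots)

# Flow from the thread: first seen 21:26:02.872, 1546.520 s, 125.1 M bytes
# (read here as 125.1e6 bytes, an assumption about the "M" suffix).
START, DURATION, NBYTES = hms("21:26:02.872"), 1546.520, 125.1e6
unsegmented = bytes_per_slot(export_records(START, DURATION, NBYTES))
segmented = bytes_per_slot(export_records(START, DURATION, NBYTES, 300))

if __name__ == "__main__":
    for name, result in (("no active timeout", unsegmented),
                         ("active timeout 300 s", segmented)):
        print(name)
        for slot, b in sorted(result.items()):
            print(f"  {slot} {b / 1e6:7.1f} MB {b * 8 / SLOT / 1e6:5.2f} Mbit/s")
```

Without the timeout the whole flow is charged to the 21:50 slot as a spike of about 3.34 Mbit/s; with it, the same bytes spread over the 21:30 to 21:50 slots at roughly 0.65 to 0.75 Mbit/s each.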