Hello,
We have nprobe set up in following way:
/usr/local/bin/nprobe \
--flow-version=9 \
--flow-templ="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP
%OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT
%L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS
%IPV4_SRC_MASK %IPV4_DST_MASK %IN_SRC_MAC %OUT_DST_MAC %DIRECTION
%SRC_VLAN %DST_VLAN" \
--in-iface-idx=-1 \
--out-iface-idx=-1 \
--hash-size=512000 \
--verbose=1 \
--as-list=/usr/local/nprobe/GeoIPASNum.dat \
--city-list=/usr/local/nprobe/GeoLiteCity.dat \
--syslog=nprobe \
--scan-cycle=5 \
--flow-delay=0 \
--queue-timeout=30 \
-i dna0 \
-n 80.245.176.15:9999
And we are analysing it in nfsen. Also we receive on the same nfsen
netflow from our Cisco router. Traffic is identical for both (because
nprobe is getting LSPAN of all L2 ports of that router via 10ge port).
But while router netflow is showing 1.8 Gbps of traffic, nprobe shows
only 300 Mbps. Also when we measuere traffic on dna0 interface is shows
about 1.8Gbps. So it seems that is something wrong with nprobe.
But where to look?
Thanks
--
Michał Margula, [email protected], http://alchemyx.uznam.net.pl/
"W życiu piękne są tylko chwile" [Ryszard Riedel]
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
