[flow-tools] too many lost flows?
Michael Redinger
Michael.Redinger@uibk.ac.at
Mon, 16 Dec 2002 17:27:57 +0100 (CET)
Hello,
using export version 1005 (tagged), flow-header says that there are lots
of lost flows - eg. 255125 of 446704, more than 1/2.
However, this seems very different from what I see in flow-capture's
syslog entries (eg. 60 of 8968997 lost, but there are many of these
entries).
How do I interpret these values correctly?
Well, the machine is a dual processor Xeon 2.4 GHz, 1 GB memory and RAID-1
disks and 100 MBit full duplex network. So I guess this shouldn't be a
problem (netstat -s says that about 0.3% of the packages are lost. Quite
a lot :( but still not as many as shown in flow-header).
# mode: normal
# capture hostname: netflow.uibk.ac.at
# capture start: Mon Dec 16 15:00:01 2002
# capture end: Mon Dec 16 15:15:00 2002
# capture period: 899 seconds
# compress: on
# byte order: little
# stream version: 3
# export version: 1005
# lost flows: 255125
# corrupt packets: 0
# sequencer resets: 0
# capture flows: 191579
Dec 16 15:13:17 netflow flow-capture[14781]: ftpdu_seq_check():
src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=8968997
received=8969057 lost=60
netstat -s:
Udp:
522062840 packets received
9669 packets to unknown port received.
1479687 packet receive errors
10906053 packets sent
Michael