[flow-tools] too many lost flows?
Mark Fullmer
maf@eng.oar.net
Tue, 17 Dec 2002 11:36:33 -0500
The syslog entry lists the received and expected sequence number and
the number of flows lost. It wouldn't be 60 of 8968997, it's just 60. Sum
them up over the period or use the -S option which will do it for you.
> 1479687 packet receive errors
The packet receive errors are the problem. Maybe your collector is
running in half duplex mode?
Also there are many flows per packet. One dropped packet typically
result in 30 dropped v5 flows.
On Mon, Dec 16, 2002 at 05:27:57PM +0100, Michael Redinger wrote:
>
> Hello,
>
> using export version 1005 (tagged), flow-header says that there are lots
> of lost flows - eg. 255125 of 446704, more than 1/2.
>
> However, this seems very different from what I see in flow-capture's
> syslog entries (eg. 60 of 8968997 lost, but there are many of these
> entries).
>
> How do I interpret these values correctly?
>
> Well, the machine is a dual processor Xeon 2.4 GHz, 1 GB memory and RAID-1
> disks and 100 MBit full duplex network. So I guess this shouldn't be a
> problem (netstat -s says that about 0.3% of the packages are lost. Quite
> a lot :( but still not as many as shown in flow-header).
>
>
> # mode: normal
> # capture hostname: netflow.uibk.ac.at
> # capture start: Mon Dec 16 15:00:01 2002
> # capture end: Mon Dec 16 15:15:00 2002
> # capture period: 899 seconds
> # compress: on
> # byte order: little
> # stream version: 3
> # export version: 1005
> # lost flows: 255125
> # corrupt packets: 0
> # sequencer resets: 0
> # capture flows: 191579
>
> Dec 16 15:13:17 netflow flow-capture[14781]: ftpdu_seq_check():
> src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=8968997
> received=8969057 lost=60
>
>
> netstat -s:
> Udp:
> 522062840 packets received
> 9669 packets to unknown port received.
> 1479687 packet receive errors
> 10906053 packets sent
>
>
>
> Michael
>
>
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools