[flow-tools] mis-configuration or just mis-reading output?

Horatio B. Bogbindero wyy@admu.edu.ph
Mon, 3 Jun 2002 18:33:24 +0800 

Surlignage Richard Vanderwaal <RVanderwaal@groupwise.swin.edu.au>:

> 

try running:

flow-cat -a /usr/local/flow-tools/data/2002/2002-06/ | flow-stat -f9

on your data. also email how long the sample was. 

> I'm relatively new to flow-tools.  I have just installed it on a Solaris 
2.6
> machine and think it is either misconfigured or I am reading the output
> incorrectly.  I have configured out border router, which is a Cisco 7206, 
to
> export NetFlow data.  The configuration is pasted below but I have 
changed IP
> addresses for safe measures:
> 
> interface FastEthernet0/0
>   description To (border) PIX firewall
>   ip address 192.168.5.213 255.255.255.252
>   ip route-cache flow
> !
> interface ATM1/0
>   description To Internet Microwave Link
>   no ip address
>   ...
>   ...
> !
> ...
> ...
> ...
> ip flow-export source FastEthernet0/0
> ip flow-export version 5
> ip flow-export destination 192.168.2.100 8888
> 
> 
> OK.  Then on my Solaris 2.6 box I run flow-capture:
> 
> flow-capture -w /usr/local/flow-tools/data 
192.168.2.100/192.168.5.213/8888
> 
> I leave it collect some data for a while, then view some of the data with 
the
> following command:
> 
> flow-cat -p /usr/local/flow-tools/data/2002/2002-06/ | flow-stat -f9
>

> 
> When I look at the output, the octets field seems rather large.  If I'm 
not
> wrong, octets is bytes, correct?  What I am looking at on my results just
> doesnt seem to be correct at all if that is the case.  For example, and 
this
> is just one line from the output, the total amount of bytes is in the
> gigabytes:
> 
> IPaddr                  flows            octets                   packets
> 192.168.1.117    165415         882216081258     1971365474
> 
> 
> The line above is one of our proxy servers, and so yes there should be a 
lot
> of traffic for that address, but I know that it hasnt transferred
> 882216081258 bytes.  But as I said, I may just misunderstand what octets
> are.
> 
> Can anyone clear this up for me?  I hope I have provided enough
> information.
> Thanks in advance,
> 
> Regards,
> Richard.
> 
> 
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools
> 



-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email  :  wyu at ateneo dot edu
web    :  http://CNG.ateneo.net/wyu/
phone  :  +63(2)4266001-4186
GPG    :  http://CNG.ateneo.net/wyu/wyy.pgp