Hello all,

I searched the archives for this issue and found references to byte total 
discrepancies but I didn’t find anything like what I am seeing.
With this query, the returned bytes and packet count summary is exactly half of 
the total of the returned flows.
I have tried this on nfdump 1.6.12 and 1.6.10 with the same result.  I suspect 
something in the query may be wrong and I’m not seeing it.
Anyone have any ideas?  Thanks.

nfdump -M /a/flowdata/exit_east/2014/07 -R . -N  -s if/bytes '((port = 5001) and (IF 735 or IF 736 or IF 737 or IF 738 or IF 739 or IF 740 or IF 741 or IF 742))'


Top 10 In/Out If ordered by bytes:
Date first seen          Duration Proto         In/Out If    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
2014-07-01 03:02:58.859 2505970.212 any                 642       21(58.3) 19919550(68.1) 114895526933(61.4)        7   366789  5767
2014-07-01 03:02:58.859 2442523.524 any                 635       15(41.7)  9316049(31.9) 72199731206(38.6)        3   236475  7750
2014-07-08 19:09:55.257 1843153.814 any                 739       13(36.1)  8605194(29.4) 55251361230(29.5)        4   239812  6420
2014-07-02 02:06:21.216 1357925.591 any                 737        6(16.7)  8405002(28.7) 53630047936(28.7)        6   315952  6380
2014-07-06 02:52:57.297 1466902.533 any                 736        7(19.4)  6845484(23.4) 43987579560(23.5)        4   239893  6425
2014-07-05 10:41:26.015 2069416.368 any                 740        8(22.2)  5102322(17.5) 32474238205(17.4)        2   125539  6364
2014-07-01 03:02:58.859    30.330 any                 735        2( 5.6)   277597( 0.9) 1752031208( 0.9)     9152 462124947  6311

Summary: total flows: 36, total bytes: 187095258139, total packets: 29235599, avg bps: 597278, avg pps: 11, avg bpp: 6399
Time window: 2014-05-12 19:30:50 - 2014-08-22 18:14:33
Total flows processed: 1403144094, Blocks skipped: 0, Bytes read: 95420264796
Sys: 223.963s flows/second: 6265044.5  Wall: 680.974s flows/second: 2060493.6

-paul
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
