Hi Dmitry,
Pls test with the latest GitHub version. If it is still an issue, let me know.

        - Peter


On 31.12.15 09:52, Dmitry Petuhov wrote:
> Found strange behaviour on flow aggregation with binary output:
> # nfdump -V
> nfdump: Version: NSEL-NEL1.6.13
> # nfdump -r nfcapd.201512311115 -a -w nfcapd.201512311115.a
> # nfdump -r nfcapd.201512311115.a -o long | head
> Date first seen          Duration Proto      Src IP Addr:Port          
> Dst IP Addr:Port   Flags Tos  Packets    Bytes Flows
> 2015-12-31 11:16:34.976    38.936 UDP            0.0.0.4:25813 ->    
> 70.140.177.12:49001 ......   0  168.8 M        2 1572669509
> 2015-12-31 11:19:35.406   698.030 UDP           0.0.0.13:57288 ->        
> 10.2.11.6:10006 ......   0    1.2 G        0     0
> 2015-12-31 11:18:08.535    30.090 UDP            0.0.0.1:47574 ->     
> 10.4.139.190:30017 ......   0    1.9 G        0     0
> 2015-12-31 11:16:15.211   184.629 TCP           0.0.0.12:51654 ->    
> 10.33.169.110:443   ......   0    1.6 G        0     0
> 2015-12-31 11:26:19.012    11.944 TCP            0.0.0.6:443 ->    
> 217.69.139.42:50176 .AP.SF   0  168.4 M       55 1572669507
> 2015-12-31 11:17:56.516   129.004 TCP           0.0.0.12:58815 ->    
> 10.33.174.230:39959 ......   0    3.0 G        0     0
> 
> Aggregation with text output seems to work fine:
> # nfdump -r nfcapd.201512311115 -a -o long | head
> Date first seen          Duration Proto      Src IP Addr:Port          
> Dst IP Addr:Port   Flags Tos  Packets    Bytes Flows
> 2015-12-31 11:16:34.976    38.936 UDP      70.140.177.12:25813 ->     
> 10.15.12.133:49001 ......   0        2      973     2
> 2015-12-31 11:16:15.211   184.629 TCP      10.33.169.110:51654 ->     
> 95.83.191.12:443   ......   0        0        0     2
> 2015-12-31 11:26:19.012    11.944 TCP      217.69.139.42:443 ->      
> 10.9.73.230:50176 .AP.SF   0       55    62365     1
> 2015-12-31 11:18:18.884     0.108 TCP      94.140.201.98:80 ->     
> 10.33.170.28:58715 .AP.SF   0      179   261739     1
> 2015-12-31 11:27:38.988    60.940 UDP       110.32.96.78:18946 ->     
> 10.34.135.66:62348 ......   0        2      340     2
> 2015-12-31 11:28:36.548    11.448 TCP      217.20.156.21:443 ->       
> 10.4.89.29:21317 .AP.SF   0       19    15595     1
> 2015-12-31 11:31:15.952     1.040 TCP     64.233.164.132:443 ->     
> 10.2.241.198:50284 .AP.S.   0      106   124096     1
> 2015-12-31 11:15:46.181   401.232 UDP       85.95.188.69:20467 ->    
> 95.83.148.178:62470 ......   0        9      432     3
> 2015-12-31 11:17:04.928     0.000 UDP       120.29.73.76:51413 ->    
> 10.162.24.138:49001 ......   0        1      328     1
> 
> Maybe this is important: input files are written with nfcapd of a
> different version:
> # nfcapd -V
> nfcapd: Version: 1.6.11 $Date: 2013-11-16 09:04:43 +0100 (Sat, 16 Nov 
> 2013) $
> 
> And have netflow v5 and v9+NEL.
> 
> 
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)
