On 11/04/2016 13:42, nfdump-discuss-requ...@lists.sourceforge.net wrote:
> I found an interesting thing.
> When I search for the contacted IPs “outside”, the search-ip appears
> in the results!
> Why? I cannot explain. Did I forget something?
> root@flow:/# /usr/local/bin/nfdump -M /flowdata/live/Core1/2016/04/10/ -R . "host abc.def.200.4" -A dstip | grep abc.def
> 2016-04-09 23:45:02.824 87113.208abc.def.200.415.3 M703.3 M6458346943

You have asked nfdump to select all packets with source *or* destination
address of abc.def.200.4, and then aggregate (group) them by dstip. So
your results will include incoming packets with dstip = abc.def.200.4.
Maybe you wanted:
"src host abc.def.200.4" -A dstip
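
The difference between the two filters, as an added example that is not part of the original thread and is not nfdump code: a small Python model that filters constructed flow records and then groups them by destination address. The address 192.0.2.4 stands in for the masked abc.def.200.4, and all flow records and function names are made up for illustration.

```python
from collections import defaultdict

# Constructed flow records (src, dst, bytes); 192.0.2.4 stands in for the
# masked address abc.def.200.4 from the thread.
TARGET = "192.0.2.4"
FLOWS = [
    ("192.0.2.4", "198.51.100.10", 1200),   # outbound
    ("192.0.2.4", "198.51.100.20", 800),    # outbound
    ("198.51.100.10", "192.0.2.4", 5000),   # inbound reply traffic
    ("198.51.100.20", "192.0.2.4", 300),    # inbound reply traffic
    ("203.0.113.7", "198.51.100.10", 999),  # unrelated, matches neither filter
]


def match_host(flow, ip):
    """Model of the 'host <ip>' filter: source OR destination equals ip."""
    src, dst, _ = flow
    return src == ip or dst == ip


def match_src_host(flow, ip):
    """Model of the 'src host <ip>' filter: only the source must equal ip."""
    return flow[0] == ip


def aggregate_by_dstip(flows, predicate, ip):
    """Filter first, then group by destination address (the '-A dstip' step)."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for flow in flows:
        if predicate(flow, ip):
            totals[flow[1]]["flows"] += 1
            totals[flow[1]]["bytes"] += flow[2]
    return dict(totals)


if __name__ == "__main__":
    for name, pred in (("host", match_host), ("src host", match_src_host)):
        print(f'"{name} {TARGET}" -A dstip')
        rows = aggregate_by_dstip(FLOWS, pred, TARGET)
        for dst, t in sorted(rows.items()):
            print(f"  {dst:<15} flows={t['flows']} bytes={t['bytes']}")
```

With the `host` model the inbound flows survive the filter, so the searched address shows up as its own destination row; with the `src host` model only the contacted peers remain.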