Field definition on graphic report detail

FlowViewer is a web-based netflow data analysis tool.

Brought to you by: jloiacon

Field definition on graphic report detail

Forum: General Discussion

Creator: elmKel

Created: 2016-03-16

Updated: 2016-05-13

elmKel - 2016-03-16

Hi, I'm new to flow viewer. I have some question about the definition of the field on the flow graph report.

I requested the start time and end time from 00:00 to 23:59, and I got the above report. Is anyone know what is the meaning of the fields called "Bytes" and "Duration" on each row? Is "Bytes" means the total number of byte between source and destination within my requested time range? But the "Duration" field seem very large and out of the time range of my request. That's why it confused my understanding of what is the field,"Bytes", means.
Can anyone help me about this?
Thank you very much

Last edit: elmKel 2016-03-16

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Joe Loiacono - 2016-05-13
  
  Sorry - I just saw that this went unanswered. What you're seeing is very long flows where each flow is defined by the source and destination IP/port quad-tuple never changing for a very long time. So those flows look like they are continuous over time using the same IP addresses and ports. The "bytes" value would be a sum of all bytes that flowed during the duration period (row one is almost 4 days.)
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.