Re: [ipt-netflow] FIRST_SWITCHED being reset after export of active flow
NetFlow iptables module for Linux kernel
From: ABC <ab...@te...> - 2015-08-15 10:45:43
Phillip,

On Fri, Aug 14, 2015 at 09:07:48PM +0000, Phillip Rzewski wrote:
> Before I get into my question, what I'm ultimately trying to do is
> find the best way to count new flows started per minute. [...] But I'm
> open to other suggestions.

If you are interested only in TCP flows, you can analyse the TCP_FLAGS(6) Element for the presence of the SYN flag. As you should know, the first packet of a TCP stream is marked with the SYN bit. So you only need to change your approach to counting only flows that are SYN marked.

-abc
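The counting approach suggested in the reply above, as an added example that is not part of the original message or of ipt-netflow. It assumes NetFlow v5 export (where TCP flags are a fixed byte in each record); the function name `syn_flows_per_minute` and the sample packet are constructed for illustration.

```python
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                 # NetFlow v5 header, 24 bytes
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # NetFlow v5 flow record, 48 bytes
TCP, SYN = 6, 0x02

def syn_flows_per_minute(packet, counts=None):
    """Add this export packet's SYN-marked TCP flows to per-minute counts."""
    counts = Counter() if counts is None else counts
    version, count, uptime_ms, unix_secs, *_ = HDR.unpack_from(packet, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 packet")
    if len(packet) < HDR.size + count * REC.size:
        raise ValueError("truncated packet")
    for i in range(count):
        f = REC.unpack_from(packet, HDR.size + i * REC.size)
        first_ms, tcp_flags, proto = f[7], f[12], f[13]
        # tcp_flags is the OR of all flags seen in the flow. Records are
        # unidirectional, so the SYN-ACK direction is SYN-marked as well.
        if proto != TCP or not tcp_flags & SYN:
            continue
        # "First" is sysUptime (ms) at the flow's first packet; convert it to
        # epoch seconds. The mask handles sysUptime wrapping at 2**32 ms.
        start = unix_secs - ((uptime_ms - first_ms) & 0xFFFFFFFF) / 1000
        counts[int(start // 60) * 60] += 1
    return counts

def _record(first_ms, flags, proto=TCP):
    """Build one constructed v5 record (addresses and ports are made up)."""
    return REC.pack(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes(4),
                    0, 0, 3, 180, first_ms, first_ms + 500, 40000, 443,
                    0, flags, proto, 0, 0, 0, 0, 0, 0)

# Constructed export packet: exporter uptime 600 s, wall clock 1439635500.
SAMPLE = HDR.pack(5, 5, 600000, 1439635500, 0, 0, 0, 0, 0) + b"".join([
    _record(590000, 0x1B),       # SYN|ACK|PSH|FIN: complete short flow
    _record(599000, 0x02),       # bare SYN
    _record(530000, 0x18),       # ACK|PSH only: no SYN seen, not counted
    _record(595000, 0x00, 17),   # UDP: not counted
    _record(600000, 0x12),       # SYN|ACK, started in the next minute
])

if __name__ == "__main__":
    for minute, n in sorted(syn_flows_per_minute(SAMPLE).items()):
        print(minute, n)
```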