[Nfdump-discuss] nfdump output summary values are half of the individual line items totaled up.
From: Wefel, P. <pw...@il...> - 2014-10-08 15:41:05
Hello all,

I searched the archives for this issue and found references to byte total discrepancies but I didn’t find anything like what I am seeing. With this query, the returned bytes and packet count summary is exactly half of the total of the returned flows. I have tried this on nfdump 1.6.12 and 1.6.10 with the same result. I suspect something in the query may be wrong and I’m not seeing it. Anyone have any ideas? Thanks.

nfdump -M /a/flowdata/exit_east/2014/07 -R . -N -s if/bytes '((port = 5001) and (IF 735 or IF 736 or IF 737 or IF 738 or IF 739 or IF 740 or IF 741 or IF 742))'

Top 10 In/Out If ordered by bytes:
Date first seen             Duration Proto  In/Out If  Flows(%)       Packets(%)            Bytes(%)   pps        bps   bpp
2014-07-01 03:02:58.859  2505970.212 any          642  21(58.3)  19919550(68.1)  114895526933(61.4)     7     366789  5767
2014-07-01 03:02:58.859  2442523.524 any          635  15(41.7)   9316049(31.9)   72199731206(38.6)     3     236475  7750
2014-07-08 19:09:55.257  1843153.814 any          739  13(36.1)   8605194(29.4)   55251361230(29.5)     4     239812  6420
2014-07-02 02:06:21.216  1357925.591 any          737   6(16.7)   8405002(28.7)   53630047936(28.7)     6     315952  6380
2014-07-06 02:52:57.297  1466902.533 any          736   7(19.4)   6845484(23.4)   43987579560(23.5)     4     239893  6425
2014-07-05 10:41:26.015  2069416.368 any          740   8(22.2)   5102322(17.5)   32474238205(17.4)     2     125539  6364
2014-07-01 03:02:58.859       30.330 any          735   2( 5.6)    277597( 0.9)    1752031208( 0.9)  9152  462124947  6311

Summary: total flows: 36, total bytes: 187095258139, total packets: 29235599, avg bps: 597278, avg pps: 11, avg bpp: 6399
Time window: 2014-05-12 19:30:50 - 2014-08-22 18:14:33
Total flows processed: 1403144094, Blocks skipped: 0, Bytes read: 95420264796
Sys: 223.963s flows/second: 6265044.5 Wall: 680.974s flows/second: 2060493.6

-paul