Re: [Nfsen-discuss] [Nfdump-discuss] Matrix statistics
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] [Nfdump-discuss] Matrix statistics
|
From: Peter H. <ha...@sw...> - 2006-06-21 09:14:08
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------- Original Message --------
From: Peter Haag <ha...@sw...>
To: ro...@st...
Subject: Re:[Nfdump-discuss] Matrix statistics
Date: Wed Jun 21 2006 11:06:15 GMT+0200 (CEST)
> Dear all,
> Those interested in AS aggregation may try snapshot-20060621 on sourceforge.
> It includes additional aggregation options: srcas/dstas/proto.
>
> Note: With the new user selectable aggregation 'proto' the default behaviour changes:
> Up to now 'proto' was hardwired, so any record statistics was always protocol dependant. Now the user selects, if 'proto' aggregation is required.
>
> Example:
> Old: -A srcip,dstport
> New: -A proto,srcip,dstport
>
> produces the same output, whereas
>
> New: -A proto,srcip
^^^^^^^^^^^^^
Typo:
Correct:
New: -A srcip,dstport
Sorry for the confusion.
- Peter
>
> produces a protocol independant statistics.
>
> This behaviour change only applies, if a user selectable aggregation is given.
>
> Example to display AS statistics:
>
> ./nfdump -o "fmt:%ts %td %pr %sas -> %das %pkt %byt %fl" -r .. -A proto,srcas,dstas -s record
>
> - Peter
>
>
> -------- Original Message --------
> From: ro...@st...
> To: nfd...@li...
> Subject: [Nfdump-discuss] Matrix statistics
> Date: Fri Jun 16 2006 15:12:48 GMT+0200 (CEST)
>
>>> It seems to be possible to get the scrip and dstip of the top talkers
>>> using the record statistic, but I can't find a way to rank pairs of
>>> srcas and dstas. Is this possible, and if not, will it be implemented?
>>>
>>> - Robin Eidissen
>>>
>>>
>>> _______________________________________________
>>> Nfdump-discuss mailing list
>>> Nfd...@li...
>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>>
>
> --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
> E-mail: pet...@sw... Web: http://www.switch.ch/security
_______________________________________________
Nfdump-discuss mailing list
Nfd...@li...
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: pet...@sw... Web: http://www.switch.ch/security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBRJkN1f5AbZRALNr/AQLK1gP/S1pmP8mnxd8NHDbWkxZSyNHMinIgm9wi
uv7nAMABH2mhAGL6jGCVb4aRO1LhSSEN7BXnYE1K4ieFGHaNKKTjM66UeP37S9oL
QkSZK+MrmaGi2Zmtd90H4X1zYY6QdOsDTyyhg+8OmJ1TyhOjMQqfbSaYtWbgXIHZ
W35Uyc6BbK4=
=s9mj
-----END PGP SIGNATURE-----
|
