Collector with receiving flows from VMware distributed switches #34
Comments
|
Only now I detected that the other netflow is returning same results since last Wednesday (3/8/2016). Thank you. |
|
Most probably this is caused by this bug: #33 i.e. misinterpretation of IPv6 traffic. The current issue should be a duplicate of #33 See also: https://sourceforge.net/p/nfsen/mailman/message/35250247/ Nick |
|
Hi Nick, Thank you for your update. Kind regards, Jose |
|
Pls. send me a pcap sent to the collector, to verify this. |
|
As I did not receive an caps related to this issue, I will close it for now, as I can not reproduce this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi All,
We deployed a VMware cloud and we're trying to get some netflows out of the distributed switches. Oddly, one flow is showing huge ammounts of "other" traffic. Date values are also wrong. Both flows are coming from different distributed switches (same product level on both distributed switches) and all flows are being processed by one collector.
Total traffic values should be below 50 Mbits/s
Collector is an Ubuntu 14.04 with NFDUMP downloaded from repos and NFSEN (1.36p1)
VMware support team are clueless:
** nfdump -M /data/nfsen/profiles-data/live/f36-dc-LAN -T -r 2016/06/29/nfcapd.201606291245 -n 10 -s record/flows -B
nfdump filter:
any
Command line switch -s overwrites -a
Aggregated flows 17394
Top 10 flows ordered by flows:
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Out Pkt In Pkt Out Byte In Byte Flows
1970-01-01 01:00:00.227 1344324763.421 0 0.0.0.0:0 <-> 0.0.0.1:341 0 38402 0 5105345.4 T 407
1971-08-20 13:33:27.552 4105988734.976 0 0.0.0.0:4353 <-> 0.0.0.0:0 0 69.4 T 0 407937.1 T 110
1971-07-01 20:30:40.256 3036541878.272 0 0.0.0.0:1537 <-> 0.0.0.0:4352 0 60.5 T 0 16287453.3 T 95
1971-08-20 13:33:27.552 3384434229.248 0 0.0.0.0:1537 <-> 0.0.0.0:4096 0 60.0 T 0 14569041.8 T 85
1971-10-09 06:36:14.848 3362959392.768 0 0.0.0.0:1537 <-> 0.0.0.0:512 0 60.9 T 0 15175234.0 T 67
1970-01-01 01:00:00.001 1467200863.999 0 64.1.0.1:2610 <-> 0.2.0.0:16123 0 5.5 G 0 61.2 T 55
1976-05-25 10:11:02.912 1627792605.184 0 0.0.0.0:1537 <-> 0.0.0.0:4608 0 25.0 T 0 4540379.5 T 48
1970-07-18 21:11:09.184 2993592205.312 0 0.0.0.0:1537 <-> 0.0.0.0:6144 0 28.6 T 0 14920364.8 T 44
1971-02-02 17:22:18.595 1224065679.133 0 0.0.0.0:0 <-> 0.0.0.2:341 0 8731 0 9425483.0 T 44
1970-01-01 01:00:00.001 1467200862.999 0 64.1.0.1:2610 <-> 0.2.0.0:65090 0 6.2 G 0 2.9 T 43
Summary: total flows: 54777, total bytes: 18316413.7 T, total packets: 7215088.0 T, avg bps: 4.1 G, avg pps: 1.7 G, avg bpp: 2
Time window: Time Window unknown
Total flows processed: 54777, Blocks skipped: 0, Bytes read: 3507444
Sys: 0.041s flows/second: 1321360.5 Wall: 0.040s flows/second: 1369288.1
Please, let me know if you need more data.
Thank you in advance.
The text was updated successfully, but these errors were encountered: