[Flow-tools] Question about Netflow operation for In/Out traffic

Julien Nury julien at nury.fr
Thu Sep 27 03:28:40 EDT 2007


Hi,

I'm surely not on the right mailing list but I think you have an answer
for my question ;-)

I'm trying to write a small script, using flow-tools, to convert Netscreen
syslog output into flows to analyse them with Netflow Analyser. But as I'm
new to netflow, I have a problem...

For example, if I connect to www.google.com I'll get the following line in
my log:
Sep 27 09:19:53 (traffic): start_time="2007-09-27 09:18:50" duration=67
sent=3100 rcvd=10046 src=192.168.0.2 dst=64.233.183.104 src_port=1960
dst_port=80

I'm missing the number of packets transmitted, but it's not really a problem (I
just want to know which protocols are used on my network).

The problem is that I get a number of sent octets AND a number of received
octets. But in a flow there is only something like transmitted octets...

So this is my question. How does Netflow identify the In and Out traffic? Are
there, for a TCP connection, 2 flows: one per direction? If so, how does
Netflow identify that these 2 flows are for the same TCP connection?

Thanks in advance for your answer.

Best Regards

Julien Nury
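
The conversion described in the message above, as an added example that is not part of the original post: NetFlow records are unidirectional, so one session log line becomes two flow records whose addresses and ports mirror each other. The record field names and the reading of `sent` as octets from `src` to `dst` (and `rcvd` as the reverse) are assumptions; the log line carries no protocol field, so none is emitted.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log line quoted in the post, joined onto one line.
SAMPLE = (
    'Sep 27 09:19:53 (traffic): start_time="2007-09-27 09:18:50" duration=67 '
    'sent=3100 rcvd=10046 src=192.168.0.2 dst=64.233.183.104 src_port=1960 '
    'dst_port=80'
)

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"
REQUIRED = ("start_time", "duration", "sent", "rcvd",
            "src", "dst", "src_port", "dst_port")


def parse_line(line):
    """Return the key=value fields of one traffic log line as a dict."""
    return {k: q or v for k, q, v in PAIR.findall(line)}


def to_flows(line):
    """Split one bidirectional session record into two unidirectional flows.

    Forward flow: src -> dst carrying 'sent' octets (assumed meaning).
    Reverse flow: dst -> src carrying 'rcvd' octets (assumed meaning).
    """
    f = parse_line(line)
    missing = [k for k in REQUIRED if k not in f]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    first = datetime.strptime(f["start_time"], "%Y-%m-%d %H:%M:%S")
    last = first + timedelta(seconds=int(f["duration"]))
    sport, dport = int(f["src_port"]), int(f["dst_port"])
    fwd = {"first": first, "last": last, "octets": int(f["sent"]),
           "srcaddr": f["src"], "srcport": sport,
           "dstaddr": f["dst"], "dstport": dport}
    rev = {"first": first, "last": last, "octets": int(f["rcvd"]),
           "srcaddr": f["dst"], "srcport": dport,
           "dstaddr": f["src"], "dstport": sport}
    return fwd, rev


def same_connection(a, b):
    """True when flow b is the reverse direction of flow a (mirrored key)."""
    return ((a["srcaddr"], a["srcport"], a["dstaddr"], a["dstport"])
            == (b["dstaddr"], b["dstport"], b["srcaddr"], b["srcport"]))
```
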





