bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-13 19:14 UTC
[Bug 1959] New: Incorrect Sequence Numbers for NetFlow v9 export.
https://bugzilla.mindrot.org/show_bug.cgi?id=1959 Bug #: 1959 Summary: Incorrect Sequence Numbers for NetFlow v9 export. Classification: Unclassified Product: softflowd Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: softflowd AssignedTo: djm at mindrot.org ReportedBy: ecoff at andrew.cmu.edu According to the NetFlow v9 RFC, the sequence number in the NetFlow v9 header is the: "Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter. This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed." This is a change from the NetFlow Version 5 and Version 8 headers, where this number represented "total flows." softflowd is incrementing sequence numbers the NetFlow v5 way. It should increment the sequence number by 1 for each packet sent. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-13 19:16 UTC
[Bug 1959] Incorrect Sequence Numbers for NetFlow v9 export.
https://bugzilla.mindrot.org/show_bug.cgi?id=1959 --- Comment #1 from ecoff at andrew.cmu.edu 2011-12-14 06:16:16 EST --- nfcapd reports incorrect sequence numbers when compiled with the DEVEL flag: [0] Sequence error: last seq: 0, seq 10 dist 10 [0] Sequence error: last seq: 10, seq 23 dist 13 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-13 19:16 UTC
[Bug 1959] Incorrect Sequence Numbers for NetFlow v9 export.
https://bugzilla.mindrot.org/show_bug.cgi?id=1959 ecoff at andrew.cmu.edu changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |http://www.cisco.com/en/US/ | |technologies/tk648/tk362/te | |chnologies_white_paper09186 | |a00800a3db9_ps6601_Products | |_White_Paper.html -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
Reasonably Related Threads
- cisco netflow analyzer?
- [Bug 1944] New: Wrong "Date flow start" and "Duration Proto" in version 9 with nfcapd
- [Bug 1441] New: flow record for ICMP6 missing type and code values
- [Bug 1760] New: Timestamp offset using softflowd with nfdump
- OT: What netflow tool do you recommends me?