flow-capture not happy about loss?


mathi...@gmail.com

Apr 17, 2013, 2:42:35 PM
to flow-...@googlegroups.com
G'day

For a student project about network performance analysis I've been getting my feet wet with NetFlow for
average and maximum bandwidth usage on a part of the university's HPC cluster.

I initially wanted to go with SiLK and FlowViewer but the combo tends to be capable of doing way too much,
thus I've been far more successful in configuring flow-capture on CentOS to collect flow-data from an Enterasys S-Series switch.

The thing that confuses me is that flow-capture moniks about sometimes low, sometimes incredibly high
flow losses and I don't know how to fix this (or if this is even needed) in order to get valid data.

Apr 17 20:37:39 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19220 received=19225 lost=5
Apr 17 20:37:39 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19315 received=19305 lost=4294967285
Apr 17 20:37:49 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19325 received=19318 lost=4294967288
Apr 17 20:38:09 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19331 received=19348 lost=17

The host 'sensor' is wired directly to a dedicated 1GE port - from the traffic pattern I don't think the link between sensor and switch has enough bandwidth available.
But could it be that the Enterasys unit is not catching up with sending probes? netstat -s | grep full didn't provide any output so I guess the host shouldn't be a problem?

I've been fiddling with flow-cat and flow-filter and I think that I would be able to filter per-port bandwidth usage for defined periods of time.
Looking forward to hearing from anyone experienced with flow-tools.

-- Mat

Joe Loiacono

Aug 21, 2013, 1:42:36 PM
to flow-...@googlegroups.com
Wow - just saw this email (what's up with gmail? or is it me?)

Anyway, the very large numbers are not really that large ... they are the residue of wrapping a 32-bit number.

Hope things are working for you...

Joe
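
The wrap-around described in the reply above, as an added example that is not part of the original posts and is not flow-tools code: it parses the four ftpdu_seq_check() lines quoted in the first post and reinterprets the sequence difference as a signed 32-bit value, so the multi-billion "lost" figures appear as small negative offsets. The modelled_lost formula is an assumption inferred from the logged values on this page, not taken from the flow-capture source.

```python
import re

MASK32 = 0xFFFFFFFF

# The four syslog lines quoted in the first post of this thread.
SAMPLE = """\
Apr 17 20:37:39 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19220 received=19225 lost=5
Apr 17 20:37:39 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19315 received=19305 lost=4294967285
Apr 17 20:37:49 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19325 received=19318 lost=4294967288
Apr 17 20:38:09 sensor flow-capture[1934]: ftpdu_seq_check(): src_ip=192.168.1.10 dst_ip=192.168.1.20 d_version=5 expecting=19331 received=19348 lost=17
"""

LINE_RE = re.compile(
    r"ftpdu_seq_check\(\):.*?expecting=(\d+) received=(\d+) lost=(\d+)")

def signed32(value):
    """Reinterpret an unsigned 32-bit value as two's-complement signed."""
    value &= MASK32
    return value - (1 << 32) if value & 0x80000000 else value

def modelled_lost(expecting, received):
    """Assumed model of the logged 'lost' field (inferred from SAMPLE only)."""
    if received > expecting:
        return received - expecting
    return (MASK32 - expecting) + received  # wraps when received < expecting

def analyse(text):
    """Return one record per ftpdu_seq_check() line with a signed delta."""
    rows = []
    for m in LINE_RE.finditer(text):
        expecting, received, lost = map(int, m.groups())
        delta = signed32(received - expecting)
        rows.append({
            "expecting": expecting, "received": received,
            "logged_lost": lost, "delta": delta,
            # gap: sequence jumped ahead; behind: sequence lower than expected
            "kind": "gap" if delta > 0 else "behind",
            "model_ok": modelled_lost(expecting, received) == lost,
        })
    return rows

def total_gap(rows):
    """Sum only the forward jumps; wrapped values are excluded."""
    return sum(r["delta"] for r in rows if r["kind"] == "gap")

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
    print("forward gap total:", total_gap(analyse(SAMPLE)))
```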



