Comments (2)
phaag
commented on June 19, 2024
Testing your command with v1.6.14 here on Github, I can not reproduce this error. I get correct values:
./nfdump -r flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2004-07-11 10:30:00.010 1010-0-0 2020-0-0 - TCP 242 202 303 3
2004-07-11 10:30:10.110 1010-0-0 2020-0-0 - TCP 121 202 303 3
2004-07-11 10:30:20.210 1010-0-0 2020-0-0 - TCP 27 101 102 3
2004-07-11 10:30:30.310 1010-0-0 2020-0-0 - TCP 20 101 102 3
2004-07-11 10:30:40.410 1010-0-0 2020-0-0 - UDP 160 1001 1002 3
2004-07-11 10:30:50.510 1010-0-0 2020-0-0 - AH 1333 10001 10002 3
2004-07-11 10:31:00.610 1010-0-0 2020-0-0 - TCP 11427 100001 100002 3
2004-07-11 10:31:10.710 1010-0-0 2020-0-0 - TCP 99987 1.0 M 1.0 M 3
2004-07-11 10:31:20.810 1010-0-0 2020-0-0 - TCP 88 10.0 M 1001 3
2004-07-11 10:31:30.910 1010-0-0 2020-0-0 - TCP 799920 500 10.0 M 3
2004-07-11 10:31:40.010 1010-0-0 2020-0-0 - TCP 727206 500 10.0 M 3
2004-07-11 10:31:50.110 1010-0-0 2020-0-0 - TCP 6.7 M 5000 100.0 M 3
2004-07-11 10:32:00.210 1010-0-0 2020-0-0 - TCP 61.5 M 5000 1.0 G 3
2004-07-11 10:32:10.310 1010-0-0 2020-0-0 - ICMP 2856 50002 50000 3
2004-07-11 10:32:20.410 1010-0-0 2020-0-0 - TCP 26664 500001 500000 3
2004-07-11 10:32:30.510 1010-0-0 2020-0-0 - TCP 754 10 15100 3
2004-07-11 10:32:40.610 1010-0-0 2020-0-0 - TCP 705840 10100 15.0 M 3
2004-07-11 10:32:50.710 1010-0-0 2020-0-0 - TCP 190.9 M 10.1 M 4.3 G 3
2004-07-11 10:33:00.810 1010-0-0 2020-0-0 - TCP 631545 4.3 G 15.0 M 3
2004-07-11 10:33:10.910 1010-0-0 2020-0-0 - TCP 343.6 M 4.3 G 8.6 G 3
2004-07-11 10:33:20.010 1010-0-0 2020-0-0 - TCP 163.6 M 10.1 M 4.3 G 3
2004-07-11 10:33:30.110 1010-0-0 2020-0-0 - TCP 545429 4.3 G 15.0 M 3
2004-07-11 10:33:40.210 1010-0-0 2020-0-0 - TCP 298.8 M 4.3 G 8.6 G 3
2004-07-11 10:33:50.310 1010-0-0 2020-0-0 - TCP 286.3 M 4.3 G 8.6 G 3
2004-07-11 10:34:00.410 1010-0-0 2020-0-0 - TCP 274.9 M 4.3 G 8.6 G 3
2004-07-11 10:34:10.510 1010-0-0 2020-0-0 - TCP 264.3 M 4.3 G 8.6 G 3
Summary: total flows: 78, total bytes: 52706369559, total packets: 30096659308, avg bps: 825940640, avg pps: 58954103, avg bpp: 1
Time window: 2004-07-11 10:30:00 - 2004-07-11 10:38:30
Total flows processed: 26, Blocks skipped: 0, Bytes read: 4836
Sys: 0.010s flows/second: 2548.5 Wall: 0.001s flows/second: 20186.3
And aggregated:
./nfdump -r flows -A mpls1,mpls2 -s record/flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Aggregated flows 1
Top 10 flows ordered by flows:
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2004-07-11 10:30:00.010 1010-0-0 2020-0-0 - 0 825.9 M 30.1 G 52.7 G 78
Summary: total flows: 78, total bytes: 52706369559, total packets: 30096659308, avg bps: 825940640, avg pps: 58954103, avg bpp: 1
Time window: 2004-07-11 10:30:00 - 2004-07-11 10:38:30
Total flows processed: 26, Blocks skipped: 0, Bytes read: 4836
Sys: 0.007s flows/second: 3505.5 Wall: 0.000s flows/second: 91872.8
If this still an issu, send my an nfcapd data file with the appropriate commands, which fail and I will check it.
from nfdump.
manyadecano
commented on June 19, 2024
Hello Peter,
Before anything, I want to thank you for the answers and your time.
I tried with the newest version v1.6.14 again (previously I was using v1.6.12) and the result is basicaly the same, the only diference is when agregating mpls2 labels is works ok.
user@ubuntu15:/user/router1$ nfdump -V
nfdump: Version: 1.6.14
user@ubuntu15:/user/router1$ nfcapd -V
nfcapd: Version: 1.6.14
user@ubuntu15:/user/router1$ nfdump -r nfcapd.201605101315 -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2016-05-10 13:13:25.881 16006-0-0 130924-0-1 - 0 1.0 G 15.7 M 8.1 G 1
2016-05-10 13:13:58.373 16006-0-0 130937-0-1 - 0 19.3 M 298000 152.6 M 1
2016-05-10 13:13:57.995 16006-0-0 130938-0-1 - 0 19.7 M 307000 157.2 M 1
2016-05-10 13:13:57.878 16006-0-0 130936-0-1 - 0 20.0 M 311000 159.2 M 1
2016-05-10 13:13:57.881 16006-0-0 130957-0-1 - 0 101.4 M 1.6 M 812.0 M 1
2016-05-10 13:13:57.986 16001-0-0 24085-0-1 - 0 22.2 M 345000 176.6 M 1
2016-05-10 13:13:57.929 16001-0-0 24086-0-1 - 0 65.0 M 1.0 M 519.7 M 1
2016-05-10 13:13:59.012 16001-0-0 24084-0-1 - 0 21.5 M 335000 171.5 M 1
2016-05-10 13:13:58.973 16001-0-0 24080-0-1 - 0 22.4 M 349000 178.7 M 1
2016-05-10 13:13:58.946 16006-0-0 130939-0-1 - 0 69.3 M 1.1 M 553.5 M 1
2016-05-10 13:13:58.874 16001-0-0 24087-0-1 - 0 100.8 M 1.6 M 806.9 M 1
2016-05-10 13:13:58.871 16028-0-0 130819-0-1 - 0 509.1 M 8.0 M 4.1 G 1
2016-05-10 13:14:52.703 16001-6-1 0-0-0 - TCP 0 1000 56000 1
2016-05-10 13:14:29.871 16006-0-0 130924-0-1 - 0 1.0 G 15.9 M 8.1 G 1
2016-05-10 13:15:37.644 16006-7-0 130923-7-1 - 0 0 1000 62000 1
2016-05-10 13:15:01.923 16006-0-0 130938-0-1 - 0 20.4 M 318000 162.8 M 1
2016-05-10 13:15:01.884 16006-0-0 130936-0-1 - 0 20.3 M 316000 161.8 M 1
2016-05-10 13:15:01.977 16006-0-0 130937-0-1 - 0 20.5 M 319000 163.3 M 1
2016-05-10 13:15:02.090 16001-0-0 24085-0-1 - 0 19.7 M 306000 156.7 M 1
2016-05-10 13:15:02.030 16001-0-0 24086-0-1 - 0 58.7 M 913000 467.5 M 1
2016-05-10 13:15:01.875 16006-0-0 130957-0-1 - 0 99.4 M 1.6 M 794.6 M 1
2016-05-10 13:15:03.168 16006-0-0 130939-0-1 - 0 59.7 M 930000 476.2 M 1
2016-05-10 13:15:02.871 16001-0-0 24080-0-1 - 0 19.2 M 300000 153.6 M 1
2016-05-10 13:15:02.994 16001-0-0 24084-0-1 - 0 21.9 M 342000 175.1 M 1
2016-05-10 13:15:02.886 16028-0-0 130819-0-1 - 0 507.8 M 7.9 M 4.1 G 1
2016-05-10 13:15:02.898 16001-0-0 24087-0-1 - 0 100.7 M 1.6 M 806.4 M 1
2016-05-10 13:16:00.898 16006-7-0 130924-7-1 - 0 0 1000 62000 1
2016-05-10 13:16:22.637 155830-6-1 0-0-0 - UDP 0 1000 66000 1
2016-05-10 13:15:33.895 16006-0-0 130924-0-1 - 0 1.0 G 15.9 M 8.2 G 1
2016-05-10 13:16:06.060 16001-0-0 24085-0-1 - 0 21.2 M 331000 169.5 M 1
2016-05-10 13:16:05.877 16006-0-0 130938-0-1 - 0 19.2 M 300000 153.6 M 1
2016-05-10 13:16:05.970 16006-0-0 130937-0-1 - 0 20.9 M 326000 166.9 M 1
2016-05-10 13:16:05.880 16001-0-0 24086-0-1 - 0 65.2 M 1.0 M 522.8 M 1
2016-05-10 13:16:06.528 16006-0-0 130936-0-1 - 0 19.3 M 298000 152.6 M 1
2016-05-10 13:16:05.925 16006-0-0 130957-0-1 - 0 97.6 M 1.5 M 781.8 M 1
2016-05-10 13:16:07.007 16001-0-0 24080-0-1 - 0 22.1 M 344000 176.1 M 1
2016-05-10 13:16:06.974 16001-0-0 24084-0-1 - 0 19.2 M 298000 152.6 M 1
2016-05-10 13:16:07.097 16006-0-0 130939-0-1 - 0 58.5 M 913000 467.5 M 1
2016-05-10 13:16:06.905 16028-0-0 130819-0-1 - 0 506.2 M 7.9 M 4.1 G 1
2016-05-10 13:16:06.872 16001-0-0 24087-0-1 - 0 103.5 M 1.6 M 829.4 M 1
2016-05-10 13:16:37.871 16006-0-0 130924-0-1 - 0 1.0 G 15.7 M 8.0 G 1
2016-05-10 13:17:41.340 16018-6-1 0-0-0 - TCP 0 1000 74000 1
2016-05-10 13:17:09.984 16001-0-0 24085-0-1 - 0 19.4 M 301000 154.1 M 1
2016-05-10 13:17:10.044 16001-0-0 24086-0-1 - 0 60.6 M 944000 483.3 M 1
2016-05-10 13:17:09.987 16006-0-0 130938-0-1 - 0 19.4 M 302000 154.6 M 1
2016-05-10 13:17:10.044 16006-0-0 130937-0-1 - 0 19.5 M 303000 155.1 M 1
2016-05-10 13:17:09.909 16006-0-0 130957-0-1 - 0 97.1 M 1.5 M 777.2 M 1
2016-05-10 13:17:09.891 16006-0-0 130936-0-1 - 0 19.2 M 298000 152.6 M 1
2016-05-10 13:17:11.528 16001-0-0 24084-0-1 - 0 19.3 M 297000 152.1 M 1
2016-05-10 13:17:10.871 16001-0-0 24087-0-1 - 0 95.6 M 1.5 M 764.4 M 1
2016-05-10 13:17:10.871 16028-0-0 130819-0-1 - 0 498.7 M 7.8 M 4.0 G 1
2016-05-10 13:17:11.543 16001-0-0 24080-0-1 - 0 19.1 M 292000 149.5 M 1
2016-05-10 13:17:10.892 16006-0-0 130939-0-1 - 0 57.4 M 896000 458.8 M 1
2016-05-10 13:17:41.875 16006-0-0 130924-0-1 - 0 1.0 G 16.0 M 8.2 G 1
2016-05-10 13:18:33.554 16028-7-0 130818-7-1 - 0 0 1000 62000 1
Summary: total flows: 55, total bytes: 70935422000, total packets: 138551000, avg bps: 1772731855, avg pps: 432812, avg bpp: 511
Time window: 2016-05-10 13:13:25 - 2016-05-10 13:18:45
Total flows processed: 55, Blocks skipped: 0, Bytes read: 7012
Sys: 0.004s flows/second: 13750.0 Wall: 0.010s flows/second: 5444.5
Then when I agregate mpls1 and mpls2 labels:
user@ubuntu15:/user/router1$ nfdump -r nfcapd.201605101315 -A mpls1,mpls2 -s record/flows -o "fmt:%ts %mpls1 %mpls2 - %pr %bps %pkt %byt %fl"
Aggregated flows 17
Top 10 flows ordered by flows:
Date first seen MPLS lbl 1 MPLS lbl 2 Proto bps Packets Bytes Flows
2016-05-10 13:13:25.881 3718-0-0 130924-0-0 - 0 1.0 G 79.2 M 40.6 G 6
2016-05-10 13:13:58.973 3713-0-0 24080-0-0 - 0 20.6 M 1.3 M 657.9 M 4
2016-05-10 13:13:57.881 3718-0-0 130957-0-0 - 0 98.9 M 6.2 M 3.2 G 4
2016-05-10 13:13:57.878 3718-0-0 130936-0-0 - 0 19.6 M 1.2 M 626.2 M 4
2016-05-10 13:13:58.874 3713-0-0 24087-0-0 - 0 100.2 M 6.3 M 3.2 G 4
2016-05-10 13:13:58.871 3740-0-0 130819-0-0 - 0 505.8 M 31.6 M 16.2 G 4
2016-05-10 13:13:57.995 3718-0-0 130938-0-0 - 0 19.7 M 1.2 M 628.2 M 4
2016-05-10 13:13:57.986 3713-0-0 24085-0-0 - 0 20.6 M 1.3 M 656.9 M 4
2016-05-10 13:13:57.929 3713-0-0 24086-0-0 - 0 62.3 M 3.9 M 2.0 G 4
2016-05-10 13:13:58.946 3718-0-0 130939-0-0 - 0 61.1 M 3.8 M 2.0 G 4
Summary: total flows: 55, total bytes: 70935422000, total packets: 138551000, avg bps: 1772731855, avg pps: 432812, avg bpp: 511
Time window: 2016-05-10 13:13:25 - 2016-05-10 13:18:45
Total flows processed: 55, Blocks skipped: 0, Bytes read: 7012
Sys: 0.004s flows/second: 13750.0 Wall: 0.005s flows/second: 10958.4
Best regards
from nfdump.
Related Issues (20)
- nfdump fails to filter for geo country "IN" HOT 1
- nfdump not showing NAT/Translated IPs for sflow HOT 3
- sfcapd writes empty flow files when samples contain VNI data
- Repeated "SequencerRun() ERROR" message in log HOT 4
- nfcapd logs problem ? HOT 3
- Can't find ftlib.h durning configure ft2nfdump HOT 2
- RAM consumption HOT 2
- NEL Port Block Allocation / Deallocation Events HOT 1
- Is it possible to know if a flow contained fragmented traffic? HOT 6
- nfdump current (1.7.3) has a bug exporting NSEL (cisco ASA) fw events HOT 3
- when daemonizing, requesting to set uid and gid to some user AND writing PIDfile -> permission denied encountered HOT 4
- feature: it will be very cool if nfcapd switch '-n' allow specifying port to listen to. not globally single '-p' but per-configured exporter HOT 3
- sfcapd -T Extensions 1.6.x missing in 1.7.x HOT 2
- nfprofile: Skip unknown record type 13 (after upgrrading from 1.6.20 to 1.7.3) HOT 8
- Sfcapd not processing netflow... HOT 2
- Include dependencies? HOT 4
- sfcapd not working properly after last commits HOT 4
- GCC14 build failure HOT 5
- nfdump: Skip unknown record type 9 HOT 6
- Troubleshooting NetFlow Data Collection and Router Address Display HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nfdump.