[netflow-tools] flowd-reader export
Yann Berthier
yb at bashibuzuk.net
Wed Mar 29 00:56:32 EST 2006
On Sat, 25 Mar 2006, at 11:12, Damien Miller wrote:
> On Fri, 24 Mar 2006, Nathan Einwechter wrote:
>
> >
> > Along the same lines of this question; when NetFlow lists something as
> > being the "Source", for TCP connections, does this mean the full
> > connection source (within the context of a TCP connection,
> > three-way-handshake etc), or just where that specific set of packets is
> > going to/coming from?
>
> The latter, unfortunately.
>
> NetFlow's design shows its lineage as part of Cisco's old forwarding
> cache - it doesn't have any conceptions of bidirectionality. Even
> NetFlow v.9 has not addressed this problem.
>
> Maybe IPFIX (IETF flow export) will, but I haven't looked at the
> drafts for a while.

There is a biflow draft btw:
http://www.ietf.org/internet-drafts/draft-boschi-ipfix-biflow-01.txt
There are discussions regarding this draft on the IPFIX list.
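
Added example, not part of the original message and not flowd's own code: because each NetFlow record describes one direction only, a collector that wants connection-level "source" has to pair records by reversed 5-tuple itself. The record layout, field names and sample flows are constructed for illustration, and treating the earlier-starting direction as the initiator is a heuristic assumption that fails when capture begins mid-connection.

```python
from collections import namedtuple

# Constructed unidirectional flow records. Field names are hypothetical,
# not flowd's record format. 'first' is the flow start time in seconds.
Flow = namedtuple("Flow", "src sport dst dport proto first packets")

SAMPLE_FLOWS = [
    Flow("192.0.2.10", 40312, "198.51.100.5", 443, 6, 100.000, 12),
    Flow("198.51.100.5", 443, "192.0.2.10", 40312, 6, 100.020, 10),
    Flow("203.0.113.7", 53111, "198.51.100.5", 22, 6, 101.500, 3),  # no reply seen
    Flow("198.51.100.9", 53, "192.0.2.10", 5353, 17, 102.300, 1),   # reply exported first
    Flow("192.0.2.10", 5353, "198.51.100.9", 53, 17, 102.250, 1),
]


def key(f):
    """5-tuple identifying one direction of a conversation."""
    return (f.proto, f.src, f.sport, f.dst, f.dport)


def reverse_key(f):
    """5-tuple of the opposite direction of the same conversation."""
    return (f.proto, f.dst, f.dport, f.src, f.sport)


def pair_biflows(flows):
    """Pair each flow with its reverse-direction flow, if one was exported.

    Returns a list of {'initiator': Flow, 'responder': Flow or None}.
    The initiator is guessed as the direction with the earlier start time,
    since the records themselves carry no notion of who opened the connection.
    """
    pending = {}   # forward key -> biflow entry still waiting for a reverse flow
    biflows = []
    for f in sorted(flows, key=lambda rec: rec.first):
        rk = reverse_key(f)
        if rk in pending:
            pending.pop(rk)["responder"] = f
        else:
            entry = {"initiator": f, "responder": None}
            pending[key(f)] = entry
            biflows.append(entry)
    return biflows


if __name__ == "__main__":
    for b in pair_biflows(SAMPLE_FLOWS):
        i, r = b["initiator"], b["responder"]
        state = "bidirectional" if r else "one-way (no reverse flow)"
        print(f"{i.src}:{i.sport} -> {i.dst}:{i.dport} proto={i.proto} {state}")
```

One-way entries are worth a second look in practice: they can mean asymmetric routing past the exporter, sampling loss, or unanswered traffic such as scans.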