[netflow-tools] Weird duplicate netflow records
Franz Böhm
fboehm at aon.at
Mon Jan 5 10:14:58 EST 2009
Please have a look at the following netflow records. Sometimes I get
double records like the samples below.
They were generated with pfflowd, collected with nfcapd and viewed with
nfdump.
2009-01-04 11:00:26.556 5167.000 TCP 10.0.3.34:4147 ->
80.140.195.57:30730 8118 9.4 M 1
2009-01-04 11:00:26.556 5167.000 TCP 80.140.195.57:30730 ->
10.0.3.34:4147 4583 188560 1
2009-01-04 11:00:25.990 5178.000 TCP 10.0.3.34:4147 ->
80.140.195.57:30730 8118 9.4 M 1
2009-01-04 11:00:25.990 5178.000 TCP 80.140.195.57:30730 ->
10.0.3.34:4147 4583 188560 1
2009-01-04 14:25:26.720 800.000 TCP 10.0.3.50:1942 ->
87.248.217.89:80 19858 802352 1
2009-01-04 14:25:26.720 800.000 TCP 87.248.217.89:80 ->
10.0.3.50:1942 38147 53.9 M 1
2009-01-04 14:25:25.720 801.000 TCP 10.0.3.50:1942 ->
87.248.217.89:80 19858 802352 1
2009-01-04 14:25:25.720 801.000 TCP 87.248.217.89:80 ->
10.0.3.50:1942 38147 53.9 M 1
I would be very thankful if someone has a hint for me.
More information about the netflow-tools
mailing list