[c-nsp] Sup2T / EARL8 Netflow oddities
Jeroen van Ingen
jeroen at zijndomein.nl
Mon Apr 29 09:26:47 EDT 2013
Hi,
Our university upgraded from Cat6k/Sup720-3B to Cat6k/Sup2TXL a while
ago. Recently a few researchers who use our NetFlow data noticed that
the NetFlow exports sometimes contain strange values: there are flow
records with a negative duration (flow end before flow start time) and
some exported flows are far (>1 month) in the past or future.
We're currently running IOS 15.1(1)SY. Has anyone else noticed something
similar?
If anyone wants to check their NetFlow v9 exports: Wireshark will show
flowsets containing flow records with negative duration when using the
display filter 'cflow.timedelta < 0'.
Regards,
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
More information about the cisco-nsp
mailing list