timestamping of netwlow events
First of all, thank you for a fine and powerful tool for traffic analysis.
Nevertheless, I'd like to note on some inconveniences.
Seems, NetFlow Analyser is using a current time (on a running server) for stamping accepted netflow datagrams,
and is not using the time, that has been used by a router/device for stamping netflow PDUs.
This is not quite correct for estimating real time of flow/traffic events.
i.e. it is not possible to reproduce netflow by any proxy tool like flowtools and direct it to netflow analyzer.
An original timestamps of PDUs is being changed to current time of PDU receiving.
This shifts real traffic events to current time and distorted all realtime behaviour (bandwith estimation etc.)
Is it right?
Can you utilize an original netflow PDU timestamps instead of time of datagrams receiving?
Nevertheless, I'd like to note on some inconveniences.
Seems, NetFlow Analyser is using a current time (on a running server) for stamping accepted netflow datagrams,
and is not using the time, that has been used by a router/device for stamping netflow PDUs.
This is not quite correct for estimating real time of flow/traffic events.
i.e. it is not possible to reproduce netflow by any proxy tool like flowtools and direct it to netflow analyzer.
An original timestamps of PDUs is being changed to current time of PDU receiving.
This shifts real traffic events to current time and distorted all realtime behaviour (bandwith estimation etc.)
Is it right?
Can you utilize an original netflow PDU timestamps instead of time of datagrams receiving?
Topic Participants
georgi_me
Resolution208
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?