Netflow Tools

NetFlow tools provide visibility into network operations that traditional SNMP monitoring might miss:

More Netflow Tools: For Performance and Security - USENIX

Every time a device talks to another device, NetFlow records the "5-Tuple":

```bash
# nfdump
nfdump -R /data -s ip/bytes                    # Top talkers
nfdump -R /data -N -o "fmt:%ts %sa %da %pkt"   # Custom output
nfdump -R /data "proto tcp and port 443"       # Filter HTTPS
```

| Symptom | Likely Cause | Fix |
|---------|--------------|-----|
| No flows received | ACL blocking UDP 2055 | show access-list |
| Flows show 0 bytes | Sampling rate too high | Reduce sampling-rate |
| AS numbers are 0 | BGP table not loaded | ip flow-export bgp-nexthop |
| Timestamps wrong | NTP drift | ntp peer on exporter |
| High CPU on router | Flow cache too large | ip flow-cache entries 65536 |
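Three of the symptoms in the table (0-byte flows, AS numbers of 0, wrong timestamps) can be checked on the collector side by decoding the export datagram itself. The following is an added example, not code from the original page: it assumes the NetFlow v5 export format (the page does not name a version), the function names `check_v5` and `sample_datagram` are hypothetical, and the datagram is constructed test input.

```python
import socket
import struct

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def check_v5(datagram, collector_now, max_skew=300):
    """Parse one v5 export datagram; return (flows, warnings)."""
    if len(datagram) < HDR.size:
        raise ValueError("truncated header")
    ver, count, _up, secs, _ns, _seq, _et, _eid, samp = HDR.unpack_from(datagram)
    if ver != 5 or len(datagram) < HDR.size + count * REC.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    interval = samp & 0x3FFF  # low 14 bits carry the sampling interval
    warnings = []
    if abs(collector_now - secs) > max_skew:
        warnings.append(f"timestamps wrong: exporter clock off by {collector_now - secs}s")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flow = {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                "sport": f[9], "dport": f[10], "proto": f[13],  # the 5-tuple
                "packets": f[5], "bytes": f[6], "src_as": f[15], "dst_as": f[16]}
        if flow["bytes"] == 0:
            warnings.append(f"flow {i}: 0 bytes (sampling interval {interval})")
        if flow["src_as"] == 0 and flow["dst_as"] == 0:
            warnings.append(f"flow {i}: AS numbers are 0")
        flows.append(flow)
    return flows, warnings

def sample_datagram(export_secs):
    """Constructed test input: two flows using documentation addresses."""
    def rec(src, dst, sport, dport, pkts, octets, src_as, dst_as):
        return REC.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                        1, 2, pkts, octets, 1000, 2000, sport, dport,
                        0, 0x1B, 6, 0, src_as, dst_as, 24, 24, 0)
    header = HDR.pack(5, 2, 3_600_000, export_secs, 0, 1, 0, 0, 100)
    return (header
            + rec("192.0.2.10", "198.51.100.5", 51514, 443, 12, 4800, 64500, 64501)
            + rec("192.0.2.11", "198.51.100.5", 51515, 443, 1, 0, 0, 0))

if __name__ == "__main__":
    now = 1_700_000_000  # constructed collector time
    flows, warnings = check_v5(sample_datagram(now - 900), now)
    for fl in flows:
        print(fl)
    for w in warnings:
        print("WARN", w)
```

The "No flows received" row cannot be checked this way, since it means no datagram reaches the collector at all.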

```
! Export every 1 min (active flows)
ip flow-cache timeout active 1
! Export after 15 sec idle
ip flow-cache timeout inactive 15
! For TCP FIN/RST
ip flow-cache timeout fast 30
```
