Problems with new Netflow-feature - 8.1

Hi!

I did not find further documentation about the new netflow-feature:

Is it possible to configure “Active Flow Timeout” and “Inactive Flow Timeout”?
What are the default values?

One strange thing in the netflow-stream are multiple connections, which do not make sense:
127.0.0.1:80 → 127.0.0.1:457XX
0.0.0.0 → 255.255.255.255
ROUTERIP:0 → NetworkIPs:2048 → WINS is not enabled!

Thank you for your help!

@KPS

Supposedly you should only see this:

15:20:22.911575 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1388
15:20:23.119579 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1420
15:20:23.331566 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1400
15:20:24.067570 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1406
15:20:24.487557 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1388
15:20:24.799575 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1384
15:20:25.007578 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1396
15:20:25.531580 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1404
15:20:25.743571 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1394
15:20:26.055573 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1364
15:20:26.371568 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1408
15:20:26.787572 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1380
15:20:27.103574 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1380
15:20:27.423576 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1372
15:20:27.635574 IP localhost.47856 > 192.168.52.38.2057: UDP, length 1368

Do you have the full capture file that you can PM me?

For the “Active Flow Timeout” and “Inactive Flow Timeout” default settings, let me confirm and get back to you.

@sitloongs
Which interface do you want me to capture?

May I know which interface is used to send the Netflow traffic?

Below is the sample configuration. If the Netflow Collector is located on the LAN, then just capturing the LAN interface will do.

@sitloongs
I am sending the NetFlow Data to a server that is reachable through Speedfusion.
The receiver is getting valid data - except the examples I have sent to you.

I did not find any possibility to adjust the interface that is monitored, but I can see sessions on all LAN-interfaces AND on the WAN-interfaces!

Do you mean the above traffic? This does not seem like traffic that will route in the tunnels. It seems like local traffic from the LAN network instead. Since Netflow is sent via SpeedFusion, I may need to check from the device in order to confirm which device generates such traffic. Can you please PM me your device SN for both end devices and enable RA access for me to check further?

The active / inactive timeout is an important setting to be able to modify. Specifically, the active timeout can impact the accuracy of reporting of NetFlow in any tool. It appears that the current setting, which I don’t see a way to modify, is 30 minutes. This means that for a long file transfer, an update will only be sent to the NetFlow collector once every 30 minutes. This can make it look like all the data that was transferred over 30 minutes actually transferred in one minute when viewing the reporting. A 1 minute active timeout is required for many NetFlow tools, even SolarWinds, to accurately trend out traffic volumes across time.
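The effect described in the post above, as an added example that is not part of the original thread: a small Python simulation of one long flow exported with a 30-minute and a 1-minute active timeout. The flow size, the rate and the collector's habit of crediting a record to the minute it was exported in are assumptions made for illustration.

```python
from collections import defaultdict

BUCKET = 60  # assumed: the collector graphs one point per minute

def export_records(duration, bytes_per_sec, active_timeout):
    """Exporter side: one (first, last, bytes) record per active-timeout
    interval while the flow is alive, plus a final record when it ends."""
    records, t = [], 0
    while t < duration:
        end = min(t + active_timeout, duration)
        records.append((t, end, (end - t) * bytes_per_sec))
        t = end
    return records

def per_minute_bytes(records):
    """Collector side (assumed behaviour): credit a record's whole byte
    count to the minute in which the record was exported."""
    series = defaultdict(int)
    for _first, last, nbytes in records:
        series[last // BUCKET] += nbytes
    return dict(series)

def peak_rate(records):
    """Highest apparent bytes/second seen in any one-minute bucket."""
    return max(per_minute_bytes(records).values()) // BUCKET

# Constructed flow: a 60-minute transfer at a steady 1 MB/s.
DURATION, RATE = 3600, 1_000_000

if __name__ == "__main__":
    for timeout in (1800, 60):
        recs = export_records(DURATION, RATE, timeout)
        print(f"active timeout {timeout:>4}s: {len(recs):>2} records, "
              f"peak {peak_rate(recs) / RATE:.0f}x the real rate")
```

With the 30-minute timeout the same transfer shows up as two one-minute spikes with empty minutes in between, which is the kind of distortion that skews volume baselines and any threshold alert built on them.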

I have discussed with the Engineering team and the Netflow MIB features will be considered for future firmware. As for firmware 8.1.0, by enabling the Netflow configuration at the Support.cgi page, the device will only export the IP Flows information to the Netflow collector.