Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfflowd generates somtetimes double records

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      ramaza
      last edited by

      Hi!

      I use pfSense 1.2.1 with pfflowd package together with nfcapd and nfdump for collecting and viewing the netflow records.

      Sometimes there are double records where there should only be one.

      Here are two examples:

      
2009-01-04 11:00:26.556  5167.000 TCP          10.0.3.34:4147  ->    80.140.195.57:30730     8118    9.4 M     1
2009-01-04 11:00:26.556  5167.000 TCP      80.140.195.57:30730 ->        10.0.3.34:4147      4583   188560     1
2009-01-04 11:00:25.990  5178.000 TCP          10.0.3.34:4147  ->    80.140.195.57:30730     8118    9.4 M     1
2009-01-04 11:00:25.990  5178.000 TCP      80.140.195.57:30730 ->        10.0.3.34:4147      4583   188560     1


      
2009-01-04 14:25:26.720   800.000 TCP          10.0.3.50:1942  ->    87.248.217.89:80       19858   802352     1
2009-01-04 14:25:26.720   800.000 TCP      87.248.217.89:80    ->        10.0.3.50:1942     38147   53.9 M     1
2009-01-04 14:25:25.720   801.000 TCP          10.0.3.50:1942  ->    87.248.217.89:80       19858   802352     1
2009-01-04 14:25:25.720   801.000 TCP      87.248.217.89:80    ->        10.0.3.50:1942     38147   53.9 M     1

      Is it a bug in pfflowd or is there something wrong with my configuration?

      Thanks for your help,
      Franz

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.