Re: relative traffic snapshots

Andrew Molitor <amolitor@anubis.network.com> Sun, 11 February 1996 01:30 UTC

Date: Sat, 10 Feb 96 19:10:12 CST
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Andrew Molitor <amolitor@anubis.network.com>
Message-Id: <9602110110.AA03526@anubis.network.com>
To: big-internet@munnari.oz.au
Subject: Re: relative traffic snapshots
Precedence: bulk

	Every so often I go back and stare at these flow statistics, 
and it has occured to me (after a long time, I'm a little dim) that
I don't know what a flow is, to a 7513. Is it:

	1) bi-directional or uni-directional? I.E. does a bi-directional
TCP stream get charged to 2 flows or 1?

	2) what's the resolution of an endpoint? Since it's broken out by
type, I gather than ports are involved, but is it dest port only? That
is, does a WWW flow mean 'traffic from host A to/from host B that was
WWW' or does it mean 'a single TCP connection from host A to host B
with dest port == 80'? For something like http, this makes a pretty
big difference! Also, is the non-port part a host or a routing table
entry?

	Finally, if the answers to all the above foo are such that it
makes sense to even ask, does the flow counting gear snoop TCP
flags to catch setup/teardown, or does it just approximate by looking
at (lhost, lport, rhost, rport, proto) 5-tuples?

relative traffic snapshots Sean Doran
Re: relative traffic snapshots k claffy
Re: relative traffic snapshots Dorian Kim
Re: relative traffic snapshots Andrew Molitor
Re: relative traffic snapshots Tony Li
Re: relative traffic snapshots Dorian Kim
Re: relative traffic snapshots Sean Doran
Re: relative traffic snapshots Dorian Kim
Re: relative traffic snapshots Andrew Molitor