1FLOW-STAT(1)                                                      FLOW-STAT(1)
2
3
4

NAME

6       flow-stat - Generate reports with flow data.
7

SYNOPSIS

9       flow-stat  [  -hnpPw  ]   [  -d  debug_level  ]   [  -f  format ]  [ -S
10       sort_field ]  [ -s sort_field ]  [ -t tally_lines ]  [ -T title ]
11

DESCRIPTION

13       The flow-stat utility generates usage reports for flow data sets by  IP
14       address,  IP  address  pairs,  ports,  packets, bytes, interfaces, next
15       hops, autonomous systems, ToS bits, exporters, and tags.
16

OPTIONS

18       -d debug_level
19              Enable debugging.
20
21       -f format
22
23              Report format.  Choose from the following:
24
25                  0  Overall Summary
26                  1  Average packet size distribution
27                  2  Packets per flow distribution
28                  3  Octets per flow distribution
29                  4  Bandwidth per flow distribution
30                  5  UDP/TCP destination port
31                  6  UDP/TCP source port
32                  7  UDP/TCP port
33                  8  Destination IP
34                  9  Source IP
35                  10 Source/Destination IP
36                  11 Source or Destination IP
37                  12 IP protocol
38                  13 octets for flow duration plot data
39                  14 packets for flow duration plot data
40                  15 short summary
41                  16 IP Next Hop
42                  17 Input interface
43                  18 Output interface
44                  19 Source AS
45                  20 Destination AS
46                  21 Source/Destination AS
47                  22 IP ToS
48                  23 Input/Output Interface
49                  24 Source Prefix
50                  25 Destination Prefix
51                  26 Source/Destination Prefix
52                  27 Exporter IP
53                  28 Engine Id
54                  29 Engine Type
55                  30 Source Tag
56                  31 Destination Tag
57                  32 Source/Destination Tag
58
59
60       -h     Display help.
61
62       -n     Use symbolic names where appropriate.
63
64       -p     Display header information.
65
66       -P     Report as percent total.
67
68       -s sort_field
69              Sort ascending on field sort_field.
70
71       -S sort_field
72              Sort descending on field sort_field.
73
74       -t tally_lines
75              Tally totals every tally_lineslines.
76
77       -T title
78              Set report title to title.
79
80       -w     Wide output.
81

EXAMPLES

83       Provide a report on top source/destination IP pairs sorted  by  octets,
84       report  in  percent  total  form for the flows in /flows/krc4.  Use the
85       preload option to flow-cat to preserve meta information and display  it
86       with flow-stat.
87
88       flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4
89

EXAMPLES

91       Many  times a campus network will have a single border router which has
92       one interface pointing to the internal side and many interfaces  point‐
93       ing  to  other providers. These interfaces each have a unique numerical
94       id known in SNMP terms as an ifIndex. The  ifIndex  to  interface  name
95       mappings  can  be  determined by using a tool such as snmpwalk or using
96       show commands in recent versions of IOS with the 'show snmp  mib  ifmib
97       ifindex'  or  JunOS 'show interfaces'. Once the ifIndex for each inter‐
98       face is known flow-filter can be combined  with  flow-stat  to  provide
99       reports  such  as inbound vs outbound top src/destination IP addresses.
100       Provide a top source IP address report by outbound traffic, ie the  top
101       senders  of  traffic  on  the campus network. Assume the ifIndex of the
102       campus interface is 5.
103
104       flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3
105

EXAMPLES

107       Provide a top destination IP address report by outbound traffic, ie the
108       top  sinks  of traffic on the campus network. Assume the ifIndex of the
109       campus interface is 5.
110
111       flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3
112

EXAMPLES

114       Provide a top source/destination AS report. Use symbolic names.
115
116       flow-cat -p /flows/krc4 | flow-stat -f20 -n -P -p -S4
117

BUGS

119       None known.
120

AUTHOR

122       Mark Fullmer <maf@splintered.net>
123

SEE ALSO

125       flow-tools(1)
126
127
128
129                                26 Август 2010                    FLOW-STAT(1)
Impressum