2
3
4
6 flow-stat — Generate reports with flow data.
7
9 flow-stat [-hnpPw] [-d debug_level] [-f format] [-S sort_field] [-s
10 sort_field] [-t tally_lines] [-T title]
11
13 The flow-stat utility generates usage reports for flow data sets by IP
14 address, IP address pairs, ports, packets, bytes, interfaces, next
15 hops, autonomous systems, ToS bits, exporters, and tags.
16
18 -d debug_level
19 Enable debugging.
20
21 -f format
22
23 Report format. Choose from the following:
24
25 0 Overall Summary
26 1 Average packet size distribution
27 2 Packets per flow distribution
28 3 Octets per flow distribution
29 4 Bandwidth per flow distribution
30 5 UDP/TCP destination port
31 6 UDP/TCP source port
32 7 UDP/TCP port
33 8 Destination IP
34 9 Source IP
35 10 Source/Destination IP
36 11 Source or Destination IP
37 12 IP protocol
38 13 octets for flow duration plot data
39 14 packets for flow duration plot data
40 15 short summary
41 16 IP Next Hop
42 17 Input interface
43 18 Output interface
44 19 Source AS
45 20 Destination AS
46 21 Source/Destination AS
47 22 IP ToS
48 23 Input/Output Interface
49 24 Source Prefix
50 25 Destination Prefix
51 26 Source/Destination Prefix
52 27 Exporter IP
53 28 Engine Id
54 29 Engine Type
55 30 Source Tag
56 31 Destination Tag
57 32 Source/Destination Tag
58
59 -h Display help.
60
61 -n Use symbolic names where appropriate.
62
63 -p Display header information.
64
65 -P Report as percent total.
66
67 -s sort_field
68 Sort ascending on field sort_field.
69
70 -S sort_field
71 Sort descending on field sort_field.
72
73 -t tally_lines
74 Tally totals every tally_lineslines.
75
76 -T title Set report title to title.
77
78 -w Wide output.
79
81 Provide a report on top source/destination IP pairs sorted by octets,
82 report in percent total form for the flows in /flows/krc4. Use the
83 preload option to flow-cat to preserve meta information and display it
84 with flow-stat.
85
86 flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4
87
89 Many times a campus network will have a single border router which has
90 one interface pointing to the internal side and many interfaces point‐
91 ing to other providers. These interfaces each have a unique numerical
92 id known in SNMP terms as an ifIndex. The ifIndex to interface name
93 mappings can be determined by using a tool such as snmpwalk or using
94 show commands in recent versions of IOS with the 'show snmp mib ifmib
95 ifindex' or JunOS 'show interfaces'. Once the ifIndex for each inter‐
96 face is known flow-filter can be combined with flow-stat to provide
97 reports such as inbound vs outbound top src/destination IP addresses.
98
99 Provide a top source IP address report by outbound traffic, ie the top
100 senders of traffic on the campus network. Assume the ifIndex of the
101 campus interface is 5.
102
103 flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3
104
106 Provide a top destination IP address report by outbound traffic, ie the
107 top sinks of traffic on the campus network. Assume the ifIndex of the
108 campus interface is 5.
109
110 flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3
111
113 Provide a top source/destination AS report. Use symbolic names.
114
115 flow-cat -p /flows/krc4 | flow-stat -f20 -n -P -p -S4
116
118 None known.
119
121 Mark Fullmer maf@splintered.net
122
124 flow-tools(1)
125
126
127
128 flow-stat(1)