1FLOW-STAT(1) FLOW-STAT(1)
2
6 flow-stat - Generate reports with flow data.
7
9 flow-stat [ -hnpPw ] [ -d debug_level ] [ -f format ] [ -S
10 sort_field ] [ -s sort_field ] [ -t tally_lines ] [ -T title ]
11
13 The flow-stat utility generates usage reports for flow data sets by IP
14 address, IP address pairs, ports, packets, bytes, interfaces, next
15 hops, autonomous systems, ToS bits, exporters, and tags.
16
18 -d debug_level
19 Enable debugging.
20 -f format
22 Report format. Choose from the following:
24 0 Overall Summary
26 1 Average packet size distribution
27 2 Packets per flow distribution
28 3 Octets per flow distribution
29 4 Bandwidth per flow distribution
30 5 UDP/TCP destination port
31 6 UDP/TCP source port
32 7 UDP/TCP port
33 8 Destination IP
34 9 Source IP
35 10 Source/Destination IP
36 11 Source or Destination IP
37 12 IP protocol
38 13 octets for flow duration plot data
39 14 packets for flow duration plot data
40 15 short summary
41 16 IP Next Hop
42 17 Input interface
43 18 Output interface
44 19 Source AS
45 20 Destination AS
46 21 Source/Destination AS
47 22 IP ToS
48 23 Input/Output Interface
49 24 Source Prefix
50 25 Destination Prefix
51 26 Source/Destination Prefix
52 27 Exporter IP
53 28 Engine Id
54 29 Engine Type
55 30 Source Tag
56 31 Destination Tag
57 32 Source/Destination Tag
58 -h Display help.
61 -n Use symbolic names where appropriate.
63 -p Display header information.
65 -P Report as percent total.
67 -s sort_field
69 Sort ascending on field sort_field.
70 -S sort_field
72 Sort descending on field sort_field.
73 -t tally_lines
75 Tally totals every tally_lineslines.
76 -T title
78 Set report title to title.
79 -w Wide output.
81
83 Provide a report on top source/destination IP pairs sorted by octets,
84 report in percent total form for the flows in /flows/krc4. Use the
85 preload option to flow-cat to preserve meta information and display it
86 with flow-stat.
87 flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4
89
91 Many times a campus network will have a single border router which has
92 one interface pointing to the internal side and many interfaces point‐
93 ing to other providers. These interfaces each have a unique numerical
94 id known in SNMP terms as an ifIndex. The ifIndex to interface name
95 mappings can be determined by using a tool such as snmpwalk or using
96 show commands in recent versions of IOS with the 'show snmp mib ifmib
97 ifindex' or JunOS 'show interfaces'. Once the ifIndex for each inter‐
98 face is known flow-filter can be combined with flow-stat to provide
99 reports such as inbound vs outbound top src/destination IP addresses.
100 Provide a top source IP address report by outbound traffic, ie the top
101 senders of traffic on the campus network. Assume the ifIndex of the
102 campus interface is 5.
103 flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3
105
107 Provide a top destination IP address report by outbound traffic, ie the
108 top sinks of traffic on the campus network. Assume the ifIndex of the
109 campus interface is 5.
110 flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3
112
114 Provide a top source/destination AS report. Use symbolic names.
115 flow-cat -p /flows/krc4 | flow-stat -f20 -n -P -p -S4
117
119 None known.
120
122 Mark Fullmer <maf@splintered.net>
123
125 flow-tools(1)
126 26 Август 2010 FLOW-STAT(1)