Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

sFlow counter sample versus flow sample

 

Information

 

Summary:

There are counter samples and flow samples in the sFlow data. Counter samples contain only statistics about bytes/packets but no IP addresses/ports, timestamps, and other information required in flow data. The collector doesn't receive counter samples, it receives only flow samples.

Environment:

Product: Flowmon Collector

Version: Any

Platform: Any

Question/Problem Description:

I cannot see any sFlow data in the collector even though some sFlow traffic is visible with tcpdump.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

It is possible to capture the sFlow data with the tcpdump, eg.

tcpdump -i eth0 -w /data/tmp/sflow.pcap 'host <flow_source_IP>'

download the capture via SCP, open it in Wireshark, and check if some flow samples are present.

Flow sample:
sflow

Counter sample:

sflow

Workaround:  
Notes: https://sflow.org/sflow_version_5.txt
Chapters:
3.1 Packet Flow Sampling
3.2 Counter Sampling

Was this article helpful?
1 out of 1 found this helpful

Comments