gMegaFlow: demystifying port stats
gMegaFlow: demystifying port stats
gMegaFlow port stats are a little confusing.
* class
* direction
* Out=sending port, In=receiving port
Inbound flows; [off campus host to on campus host]
remote host: sending port is outbound [class=external, direction=external]
local host: receiving port is inbound [class=external, direction=internal]
Outbound flows; [on campus host to off campus host]
local host: sending port is outbound: [class=external, direction=internal]
remote host: receiving port is inbound [class=external, direction=external]
* There is no information on send/recv port tuples; ie, how much was sent by 53 and received by 80.
* unreserved [1024+] ports, which are NOT tracked.
In the attached example, what is observed is a large outbound [from campus] flood to port 53 on external hosts. The information about the source port is not divulged.
* class
- external is about a flow between an on-campus and off-campus host
* direction
- internal is about an on-campus host.
- external is about an off-campus host.
* Out=sending port, In=receiving port
Inbound flows; [off campus host to on campus host]
remote host: sending port is outbound [class=external, direction=external]
local host: receiving port is inbound [class=external, direction=internal]
Outbound flows; [on campus host to off campus host]
local host: sending port is outbound: [class=external, direction=internal]
remote host: receiving port is inbound [class=external, direction=external]
* There is no information on send/recv port tuples; ie, how much was sent by 53 and received by 80.
* unreserved [1024+] ports, which are NOT tracked.
In the attached example, what is observed is a large outbound [from campus] flood to port 53 on external hosts. The information about the source port is not divulged.