Hi,
IMO, While your observation is correct, if the sampling rate is one,
you should get all
the packets and therefore any content in it.
If it is not, the sample packet is a representation of the traffic and
the assumption
is if you have several samples at least of one of them will carry your
required data.
( you could refer to a nice introduction to packet sampling theory,
in the slow.org page)
Please also note all the while that sFlow is not same as packet
sniffing or port mirroring
where you intent to capture every packet and parse it.
It is a statistical measurement of the traffic flows happening thru your device.
-Sujay
On Thu, Oct 29, 2009 at 8:17 PM, fedora fedora <fedorafans@gmail.com> wrote:
> Hello, pardon me if this is too simple but i cannot find any answer for
> this.
>
> Sflow is sample based, which means for every X number of packet, 1 gets
> picked and gets sent out to collector immediately, so in this case, how can
> this single packet includes all the fields necessary? for example, for http
> traffic, if the sampled packet does not carry URL, how can I get URL?
> similar case, for radius traffic, how can i get Username? It is very likely
> the sampled packet does not carry this information at all.
>
> Am i wrong? Thanks
Received on Thu Oct 29 08:30:24 2009
This archive was generated by hypermail 2.1.8 : 02/17/10 PST