Number of packets is incorrect

cisco / joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

Other

1.31k stars 329 forks source link

Number of packets is incorrect #295

Open joemikhailgwu opened 3 years ago

joemikhailgwu commented 3 years ago

I started using joy to process a simple TLS flow but noticed the number of packets shown does not match the number of packets in wireshark. There should be a total of 527 packetes, but joy only shows 120 from source to destination (which is correct), and 151 from destination to source (incorrect). This number should be 407.

aouinizied commented 3 years ago

@joemikhailgwu can you share the pcap in order to investigate. Moreover, is it possible to share the resulting flows using another framework (for example: https://github.com/nfstream/nfstream)