Re: [Nfdump-discuss] nfcapd sees no netflow traffic?
netflow collecting and processing tools
Brought to you by:
phaag
From: Steven G. <st...@gi...> - 2009-06-18 02:18:38
|
The problem could be from iptables; as tcpdump behaves like it's between iptables and the Internet, you can see traffic with tcpdump that iptables is blocking. A nice, brief explanation, with diagram, is provided here: "Who came first: iptables or tcpdump" (not my site) http://mydebian.blogdns.org/?p=85 I only mention this because I've made this mistake several times when setting up nfcapd. Steven On Wed, Jun 17, 2009 at 5:55 PM, fedora fedora <fed...@gm...> wrote: > Hello everyone, > > I have been trying a whole day to get nfcapd to capture the netflow record > without any luck, so I figured it is time to ask... > > The server i am using is running 64bit ubuntu 8.10 server edition, and > netflow traffic is being sent over on port 10001. > > root@sflow5:/nfdata/# nfcapd -V > nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu, 21 > Feb 2008) $ > $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $ > > the command I run > > "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata" > > The problem is, it seems that nfcapd is not seeing anything coming, all > files generated are 276byte size without any real data inside. > > Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows: 0, > Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0 > > I also tried aother command, like > > "nfcapd -p 10001 -E", nothing happens, > > btw, I am sure the netflow traffic is being sent to this port, i run a > tcpdump on port 10001 and the catpured file was succefully recognized by > wireshark as netflow v5 data. > > What might be wrong? why nfsen sees no netflow traffic at all? > > Any help will be greatly appreciated! > > FD > > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > Nfdump-discuss mailing list > Nfd...@li... > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > > |