sudo tcpdump -i enp38s0 port 9996
[sudo] password for coselem:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp38s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:31:03.113980 IP 172.16.x.x.49955 > coselem-HP-ProBook-4330s.9996: UDP, length 1464
16:31:03.114361 IP 172.16.x.x.49955 > coselem-HP-ProBook-4330s.9996: UDP, length 1464
16:31:03.114459 IP 172.16.x.x.49955 > coselem-HP-ProBook-4330s.9996: UDP, length 1464

When I check the status of nfsen I get the following information.

$ service nfsen status
● nfsen.service - NfSen Service
   Loaded: loaded (/etc/systemd/system/nfsen.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-09-11 07:46:29 EAT; 8h ago
 Main PID: 1632 (nfsend)
    Tasks: 4 (limit: 4555)
   CGroup: /system.slice/nfsen.service
           ├─1516 /opt/nfdump/bin/nfcapd -w -D -p 9996 -u netflow -g www-data -B 200000 -S 1 -P /opt/nfsen/var/r
           ├─1522 /opt/nfdump/bin/nfcapd -w -D -p 9995 -u netflow -g www-data -B 200000 -S 1 -P /opt/nfsen/var/r
           ├─1632 /usr/bin/perl -w /opt/nfsen/bin/nfsend
           └─1633 /opt/nfsen/bin/nfsend-comm

Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Unknown flow source: '172.16.x.x'
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Skip UDP packet. Ignored packets so far 311 packets
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Unknown flow source: '172.16.x.x'
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Skip UDP packet. Ignored packets so far 312 packets
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Unknown flow source: '172.16.1x.x'
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Skip UDP packet. Ignored packets so far 313 packets
Sep 11 16:36:24 coselem-HP-ProBook-4330s nfcapd[1516]: Unknown flow source: '172.16.x.x'

And my nfsen.conf sources are configured as shown below:

%sources = (
    'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'peer1' => { 'port' => '9996', 'IP' => '172.16.x.x' },
    'peer2' => { 'port' => '9996', 'IP' => '172.16.y.y' },
);

And only router 172.16.x.x is configured to sink packets to my laptop, with the destination address of my laptop where nfsen is installed.

But nothing is displayed on the browser, assist.

On Fri, Sep 11, 2020 at 4:21 PM Brian Candler <b.cand...@pobox.com> wrote:

> > After installing nfsen on my Ubuntu 18.04, when I run "service nfsen
> > status" nfsen is active and running but I get the error
> >
> > "Unknown flow source x.x.x.x" and skip UDP packet so far 326 packets.
>
> Where exactly do you see this error? Are you looking at nfcapd logs, or
> somewhere else?
>
> nfsen doesn't capture packets, nfcapd does. However nfsen does configure
> nfcapd, and you'll need to tell it which port to listen on.
>
> In your nfsen config you need something like this:
>
> %sources = (
>     'gw1' => { 'port' => '9001', 'col' => '#0000ff', 'type' => 'netflow' },
> );
>
> If you have multiple sources sending to different ports, just add them.
>
> If you have multiple sources sending to the *same* port then you can
> distinguish them by source IP address:
>
> %sources = (
>     'gw1' => { 'port' => '9001', 'IP' => 'x.x.x.x', 'col' => '#0000ff', 'type' => 'netflow' },
>     'gw2' => { 'port' => '9001', 'IP' => 'y.y.y.y', 'col' => '#00ff00', 'type' => 'netflow' },
> );
>
>
> Of course these IPs have to match the actual IP that the router is sending
> from (check the source addresses you see in tcpdump) otherwise nfcapd won't
> know which one to use.
>
>
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
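
The check suggested in the quoted reply (the sending address must match an 'IP' value in %sources), as an added example that is not part of the original thread or of nfsen: it ties each "Unknown flow source" log line to the port of the nfcapd PID that logged it and lists senders not configured on that port. The addresses, the host name "collector" and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input (documentation addresses, not values from the thread).
SOURCES_CONF = """
%sources = (
    'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'peer1'     => { 'port' => '9996', 'IP' => '192.0.2.10' },
    'peer2'     => { 'port' => '9996', 'IP' => '192.0.2.20' },
);
"""
STATUS_OUTPUT = """
           ├─1516 /opt/nfdump/bin/nfcapd -w -D -p 9996 -u netflow -g www-data -B 200000
           ├─1522 /opt/nfdump/bin/nfcapd -w -D -p 9995 -u netflow -g www-data -B 200000
Sep 11 16:36:24 collector nfcapd[1516]: Unknown flow source: '192.0.2.11'
Sep 11 16:36:24 collector nfcapd[1516]: Skip UDP packet. Ignored packets so far 311 packets
Sep 11 16:36:25 collector nfcapd[1516]: Unknown flow source: '192.0.2.11'
Sep 11 16:36:25 collector nfcapd[1516]: Skip UDP packet. Ignored packets so far 312 packets
"""

def configured_ips(conf):
    """Map port -> set of 'IP' values in %sources (None = entry has no IP filter)."""
    by_port = defaultdict(set)
    for _name, body in re.findall(r"'([^']+)'\s*=>\s*\{([^}]*)\}", conf):
        fields = dict(re.findall(r"'(\w+)'\s*=>\s*'([^']*)'", body))
        by_port[fields["port"]].add(fields.get("IP"))
    return by_port

def rejected_sources(status):
    """Map port -> {sender IP: count} using the nfcapd PID -> '-p port' pairing."""
    pid_port = dict(re.findall(r"(\d+) \S*nfcapd\b.*?-p (\d+)", status))
    seen = defaultdict(lambda: defaultdict(int))
    for pid, ip in re.findall(r"nfcapd\[(\d+)\]: Unknown flow source: '([^']+)'", status):
        seen[pid_port.get(pid, "?")][ip] += 1
    return seen

def mismatches(conf, status):
    """Return (port, rejected IP, count, configured IPs) for unlisted senders."""
    cfg = configured_ips(conf)
    out = []
    for port, ips in rejected_sources(status).items():
        allowed = sorted(ip for ip in cfg.get(port, ()) if ip)
        out += [(port, ip, n, allowed) for ip, n in sorted(ips.items()) if ip not in allowed]
    return out

if __name__ == "__main__":
    for port, ip, n, allowed in mismatches(SOURCES_CONF, STATUS_OUTPUT):
        print(f"port {port}: {n} packets rejected from {ip}; configured IPs: {allowed}")
```

Run it against the real nfsen.conf and the output of "service nfsen status" or the nfcapd syslog lines by passing their text to mismatches().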