[Flow-tools] empty flow files?

Jeremy Webb Thu, 09 Sep 2004 13:51:24 -0700

I have set up flow-tools in conjunction with flowscan. Everything appears to be working correctly, other than the fact that my flow files appear to be empty. Each one has a file size of only 108 bytes. When something like this occurs, what usually seems to be the problem? Is it usually a problem with the configuration of the router sending the flows, or is it usually a problem with the flow-tools configuration not processing what it is receiving correctly?

This is the kind of stuff I see in my flowscan log:

2004/09/09 10:50:04 working on file ft-v05.2004-09-09.104500-0600... 2004/09/09 10:50:04 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.01 usr + 0.00 sys = 0.01 CPU) for 108 flow file bytes, flow hit ratio: 0/0 2004/09/09 10:50:04 flowscan-1.020 CUFlow: report took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU) sleep 30... sleep 30... sleep 30... sleep 30... sleep 30... sleep 30... sleep 30... sleep 30... sleep 30... sleep 30...

When I view tcpdump, I see a whole lot of this (moving in pretty quickly):

14:21:56.658187 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.658510 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.659005 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.659374 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.659658 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.660165 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.660643 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.660971 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.661341 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.661669 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.661955 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.662283 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.662608 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.662813 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.663306 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464 14:21:56.663593 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, length: 1464

This is my router config:

ip flow-export version 5 peer-as ip flow-export source-interface Loopback 0 (This was added as a suggestion to fix our issue.) ip flow-export destination 65.105.158.157 2055 ip flow-cache timeout active 1 ip route-cache flow (This was assigned to all interfaces.)

Thanks for your help.

- Burr


_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools

[Flow-tools] empty flow files?

Reply via email to