-Burr
----Original Message Follows----
From: Mike Hunter <[EMAIL PROTECTED]>
To: Jeremy Webb <[EMAIL PROTECTED]>
Subject: Re: [Flow-tools] empty flow files?
Date: Thu, 9 Sep 2004 14:42:20 -0700
On Sep 09, "Jeremy Webb" wrote:
> Thanks for the quick reply. When I run netstat I get the following:
>
> Proto Recv-Q Send-Q Local Address Foreign Address State
> PID/Program name
> tcp 0 0 127.0.0.1:32768 0.0.0.0:* LISTEN
> 1890/xinetd
> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
> 1580/mysqld
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
> 1581/portmap
> tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
> 3890/perl
> tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
> 1817/X
> tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
> 1983/proftpd: (acce
> tcp 0 0 0.0.0.0:983 0.0.0.0:* LISTEN
> 1649/rpc.statd
> tcp 0 0 :::80 :::* LISTEN
> 5646/httpd2
> tcp 0 0 :::22 :::* LISTEN
> 1867/sshd
> tcp 0 0 :::443 :::* LISTEN
> 5646/httpd2
> udp 0 0 0.0.0.0:2055 0.0.0.0:*
> 16318/flow-capture
>
> Flow-capture appears to be on port 2055, but doesn't specifically say
> "LISTEN" like the things above it. Could this be a sign of the issue?
I think it's ok for LISTEN to not be there because UDP is different from TCP in that regard. Does it really say 0.0.0.0 or did you put that in?
I would try using netcat to see if it's a network issue or a flow-tools issue.
Type this on the server:
nc -l -u -p 2055
then on a different box say
nc -u whatever.com 2055
blah blah blah
^D
(control D is end of file on unix)
If that works, there is indeed a flow-capture problem (send the exact startup
command to the list). If not, there's a network/firewall problem.
Mike
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
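
The netcat test described in the message above, as an added Python example that is not part of the original thread or of flow-tools: it listens on the UDP port and reports the sender and the leading 16-bit NetFlow version field of whatever arrives. The function names are hypothetical; port 2055 comes from the thread, and flow-capture is assumed to be stopped so the port is free to bind.

```python
import socket
import struct
import sys

def open_listener(host="0.0.0.0", port=2055):
    """Bind a UDP socket. Fails with 'address in use' while flow-capture holds the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, port))
    return s

def receive_one(sock, timeout=10.0):
    """Wait for one datagram; return a summary dict, or None if nothing arrived."""
    sock.settimeout(timeout)
    try:
        data, peer = sock.recvfrom(65535)
    except socket.timeout:
        return None
    # Every NetFlow export version starts with a 16-bit big-endian version field.
    # For a hand-typed test line this number is meaningless.
    version = struct.unpack("!H", data[:2])[0] if len(data) >= 2 else None
    return {"peer": peer[0], "bytes": len(data), "version": version}

def send_test(host, port, payload=b"blah blah blah\n"):
    """Send one datagram, as 'nc -u host port' does for one typed line."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def diagnose(result):
    """Apply the decision rule from the message above."""
    if result is None:
        return "nothing received: suspect network/firewall"
    return "datagram received: network path works, check flow-capture startup"

if __name__ == "__main__":
    # usage: script.py listen [port]   |   script.py send host [port]
    mode = sys.argv[1] if len(sys.argv) > 1 else "listen"
    if mode == "send":
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 2055
        print(send_test(sys.argv[2], port), "bytes sent")
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 2055
        with open_listener(port=port) as sock:
            result = receive_one(sock)
        print(result, "->", diagnose(result))
```

Left listening while the router or exporter is still configured to send, it also shows whether real export packets reach the host and which NetFlow version they carry.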
