On 14 Feb 2005 at 10:39, Mike Hunter wrote: > By default, flow-capture listens for 15 minutes and then produces a > file with all the netflow it's gotten in that time...have you let it wait > 15 minutes?
No. > > To test your network/filrewall setup, can you make sure that 00100 allow ip from any to any via lo0 > > nc -l -p 9999 > > echo HELLO | nc localhost 9999 > > Works? I know it shouldn't be a problem, but we should make sure. > nc it is necessary to start with an option '-u ' - UDP mode. With the help tcpdump it is possible to see packages, but in a file they are not kept! tcpdump -i lo0 port 9999 21:41:41.015337 IP localhost.63113 > localhost.9999: UDP, length: 8192 21:41:41.015548 IP localhost.63113 > localhost.9999: UDP, length: 8192 21:41:41.015799 IP localhost.63113 > localhost.9999: UDP, length: 8192 21:41:41.016010 IP localhost.63113 > localhost.9999: UDP, length: 8192 --- At gathering netflow it is direct with Cisco with the help flow- capture (on port 9800) everything is all right! The file constantly increases! With the help tcpdump it is visible, that UDP-packages here it is less: 21:52:17.007546 IP ******.50515 > ******.9800: UDP, length: 1464 21:52:17.007669 IP ******.50515 > ******.9800: UDP, length: 1464 21:52:17.007797 IP ******.50515 > ******.9800: UDP, length: 1464 21:52:17.007919 IP ******.50515 > ******.9800: UDP, length: 1464 Whether in it put? --- Kind Regards, Aleksey > Mike > > On Feb 14, "Aleksey Kuznetsov" wrote: > > > So I also have tried to make, but it has turned out nothing! > > > > 1. flow-capture -V5 -z5 -n1 -w /2/tmp 127.0.0.1/127.0.0.1/9999 > > > > 2. ps -ax | grep flow-capture > > > > 3753 ?? Ss 0:00,00 flow-capture -V5 -z5 -n1 -w /2/tmp > > 127.0.0.1/127.0.0.1.9999 > > > > 3. ls -l 2005011719 > > > > -rw-r--r-- 1 root wheel 165216792 14 feb 21:17 2005011719 > > > > 4. nc 127.0.0.1 9999 < 2005011719 > > > > 5. ls -l > > > > total 2 > > -rw-r--r-- 1 root wheel 84 14 ЖЕЧ 21:23 > > tmp-v05.2005-02-14.212313+0300 > > > > Other variants? > > > > Kind Regards, Aleksey > > > > > > On 14 Feb 2005 at 9:28, Mike Hunter wrote: > > > > > On Feb 13, "Aleksey Kuznetsov" wrote: > > > > > > > Hello! > > > > > > > > I have data netflow, collected with the help netcat. > > > > It is possible to transfer them in a format flow-tools? > > > > > > It's kind of ghetto, but you could do this: > > > > > > flow-capture ... 127.0.0.1/127.0.0.1/9999 > > > > > > nc localhost 9999 < my_flow_stuff > > > > > > I didn't see an option in flow-import to do it more cleanly... > > > > > > > > > > _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
