On Thu, Sep 15, 2005 at 02:49:19PM -0300, Patricia wrote:
>
> Flow-captures it is being executed, but the flows are not being generated and
> are giving the following error in log:
>
> Sep 15 10:30:04 endace flow-capture[247]: ftpdu_verify(): src_ip=10.24.65.1
> failed.
>
lib/ftdecode.c:ftpdu_verify() checks all PDUs in received Netflow packets.
Its result depends on which Netflow version PDU it is called on.
e.g. for Netflow version 5 packets it checks whether:
- number of PDUs in Netflow packets does not exceed 30 PDUs
- length of buffer used for storing PDUs is equal to the number of PDUs in
Netflow packet header multiplied by size of one PDU
If at least one of the checks fails, ftpdu_verify() will fail.
Address 10.24.65.1 is the address of the router exporting invalid Netflow
packets.
It would be helpful if you could submit at least short tcpdump log with
those Netflow packets.
v.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
