Dear Vladimir,
The log from tcpdump is:
endace:/etc/init.d# tcpdump -i eth1 src 10.24.65.1
tcpdump: listening on eth1
15:58:09.880385 arp who-has 10.24.65.51 tell
10.24.65.1
15:58:09.881259 10.24.65.1.1026 > 10.24.65.51.9800:
udp 1216
Thanks,
Patrícia
--- Vladimir Kotal <[EMAIL PROTECTED]> escreveu:
> On Thu, Sep 15, 2005 at 02:49:19PM -0300, Patricia
> wrote:
> >
> > Flow-captures it is being executed, but the flows
> are not being generated and are giving the following
> error in log:
> >
> > Sep 15 10:30:04 endace flow-capture[247]:
> ftpdu_verify(): src_ip=10.24.65.1 failed.
> >
>
> lib/ftdecode.c:ftpdu_verify() checks all PDUs in
> received Netflow packets.
> Its result depends on which Netflow version PDU it
> is called on.
>
> e.g. for Netflow version 5 packets it checks
> whether:
> - number of PDUs in Netflow packets does not
> exceed 30 PDUs
> - length of buffer used for storing PDUs is equal
> to the number of PDUs in
> Netflow packet header multiplied by size of one
> PDU
>
> If at least one of the checks fails, ftpdu_verify()
> will fail.
> Address 10.24.65.1 is the address of the router
> exporting invalid Netflow
> packets.
>
> It would be helpful if you could submit at least
> short tcpdump log with
> those Netflow packets.
>
>
> v.
>
_______________________________________________________
Novo Yahoo! Messenger com voz: ligações, Yahoo! Avatars, novos emoticons e
muito mais. Instale agora!
www.yahoo.com.br/messenger/
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
