On Dec 14, "Ben Beuchler" wrote: > > Do you have a firewall configured that is keeping the data from coming > > through? Can you run netcat as a server on your chosen netflow port and > > make netcat connections from various places into that netcat listener and > > see what works and what doesn't? > > Yep. Netcat can talk UDP to/from that port from various locations on > the network just fine. > > > TCPDump may be seeing data that the OS itself doesn't because of a > > host-based firewall. If netcat can't see it, there's a network/firewall > > problem. > > No host-based firewalls are configured. IPTables is enabled the > kernel, but no rulesets are in place. And, as I mentioned above, > other processes (like nc) are able to use that port just fine.
Ugh :( So, where we're at is that you are definitely receiving the flows, but flow-capture and flow-receive don't seem to "see them." Sorry if any of these questions have already been answered, but the things that come to mind: Is flow-capture making "empty" flow files or is it not making anything at all? (I think you already have, but...) have you tried flow-receive? Are you receiving on a port >= 1024, i.e. you're sure this isn't a privilege problem? What version of netflow are you exporting from your router? Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
