PS: My router [L3 switch] is producing flows
%host%#sh mls netflow ip
Displaying Netflow entries in Supervisor Earl
DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr
-----------------------------------------------------------------------------
Pkts Bytes Age LastSeen Attributes
---------------------------------------------------
x.x.112.92 216.178.38.64 tcp :www :4595 Vl101 :0x0
45 33028 113 12:51:00 L3 - Dynamic
x.x.96.30 10.2.2.94 udp :161 :4368 Te2/3 :0x0
1 111 145 12:50:04 L3 - Dynamic
x.x.96.30 10.2.2.94 udp :161 :4361 Te2/3 :0x0
1 111 145 12:50:04 L3 - Dynamic
x.x.96.30 10.2.2.94 udp :161 :4607 Te2/3 :0x0
1 111 103 12:50:46 L3 - Dynamic
%host%#sh ip flow export
Flow export v5 is enabled for main cache
Exporting flows to x.x.x.x (2055)
Exporting using source interface Loopback1
Version 5 flow records, peer-as
Cache for as aggregation:
Exporting flows to x.x.x.x (2055)
7890260 flows exported in 646551 udp datagrams
0 flows failed due to lack of export packet
8 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
Dwann A. Hall
Information Technology Services
Kennesaw State University
[EMAIL PROTECTED]
>>> "Dwann Hall" <[EMAIL PROTECTED]> 4/19/2007 2:45:51 PM >>>
I am using a fresh install of CentOS 4.4 [b/c gcc with CentOS 5 was
incompatible]. I installed rrdtool and flow-tools verbatim from the website but
I am not getting any data in my flow files. I saw 2 hits on this issue via
Google but no resolution. Any help would be appreciated! ~Dwann
tail -f /var/log/flowscan:
2007/04/19 14:30:26 working on file /var/netflow/ft-v05.2007-04-19.142823-0400...
2007/04/19 14:30:26 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU) for 104 flow file bytes, flow hit ratio: 0/0
2007/04/19 14:30:26 flowscan-1.020 CUFlow: report took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU)
sleep 30...
Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/site_perl/5.8.5/HTML/Table.pm line 1684.
Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/site_perl/5.8.5/HTML/Table.pm line 1684.
Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/site_perl/5.8.5/HTML/Table.pm line 1684.
Use of uninitialized value in numeric gt (>) at /usr/lib/perl5/site_perl/5.8.5/HTML/Table.pm line 1684.
vi /usr/lib/perl5/site_perl/5.8.5/HTML/Table.pm line 1684:
sub addRow {
    my $self = shift;
    # this sub should add a row, using @_ as contents
    my $count = @_;
    # if number of cells is greater than cols, let's assume
    # we want to add a column.
    $self->{last_col} = $count if ($count > $self->{last_col});  # <--- line 1684
    $self->{last_row}++; # increment number of rows
    for (my $i = 1; $i <= $count; $i++) {
        # Store each value in cell on row
        $self->{rows}[$self->{last_row}]->{cells}[$i]->{contents} = shift;
    }
    return $self->{last_row};
}
netstat:
[EMAIL PROTECTED] bin]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp   0      0      0.0.0.0:111     0.0.0.0:*         LISTEN   2619/portmap
tcp   0      0      127.0.0.1:631   0.0.0.0:*         LISTEN   2769/cupsd
tcp   0      0      127.0.0.1:25    0.0.0.0:*         LISTEN   2851/sendmail: acce
tcp   0      0      0.0.0.0:701     0.0.0.0:*         LISTEN   2639/rpc.statd
tcp   0      0      :::22           :::*              LISTEN   2816/sshd
udp   0      0      0.0.0.0:2055    0.0.0.0:*                  4567/flow-capture
tcpdump:
[EMAIL PROTECTED] CUFlow-1.7]# tcpdump -n udp port 2055
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:32:46.602556 IP 10.2.6.1.54400 > 130.218.96.117.2055: UDP, length 1416
14:32:46.603451 IP 10.2.6.1.54400 > 130.218.96.117.2055: UDP, length 1416
14:32:46.607191 IP 10.2.6.1.54400 > 130.218.96.117.2055: UDP, length 1416
14:32:46.607649 IP 10.2.6.1.54400 > 130.218.96.117.2055: UDP, length 1416
14:32:46.608341 IP 10.2.6.1.54400 > 130.218.96.117.2055: UDP, length 1416
Dwann A. Hall
Information Technology Services
Kennesaw State University
[EMAIL PROTECTED]
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
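
The tcpdump output in the post shows 1416-byte UDP payloads arriving on port 2055. The following is an added example, not part of the original post and not flow-tools code: it checks whether a payload length and header are consistent with NetFlow v5 export (24-byte header plus 48-byte records, at most 30 per datagram) and decodes the records. The sample datagram, its timestamp and the address 192.0.2.30 are constructed for illustration.

```python
import socket
import struct

HDR = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record
MAX_RECORDS = 30                                  # v5 limit per export datagram


def records_for_udp_length(length):
    """Record count a v5 datagram with this UDP payload length carries, else None."""
    count, rest = divmod(length - HDR.size, REC.size)
    return count if rest == 0 and 1 <= count <= MAX_RECORDS else None


def parse_v5(payload):
    """Return (header dict, flow list); raise ValueError on a malformed datagram."""
    if len(payload) < HDR.size:
        raise ValueError("shorter than the 24-byte v5 header")
    version, count, _up, secs, _ns, seq, _etype, _eid, _samp = HDR.unpack_from(payload)
    if version != 5:
        raise ValueError(f"export version {version}, expected 5")
    if records_for_udp_length(len(payload)) != count:
        raise ValueError(f"header count {count} does not match length {len(payload)}")
    flows = []
    for i in range(count):
        f = REC.unpack_from(payload, HDR.size + i * REC.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "pkts": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return {"version": version, "count": count, "unix_secs": secs, "sequence": seq}, flows


def sample_datagram():
    """Constructed datagram: one UDP flow shaped like the SNMP entries in the post."""
    header = HDR.pack(5, 1, 1000, 1176993166, 0, 42, 0, 0, 0)
    record = REC.pack(socket.inet_aton("10.2.2.94"), socket.inet_aton("192.0.2.30"),
                      bytes(4), 1, 2, 1, 111, 900, 900, 161, 4368,
                      0, 0, 17, 0, 0, 0, 0, 0, 0)
    return header + record


if __name__ == "__main__":
    print(records_for_udp_length(1416))   # payload length seen in the tcpdump output
    print(parse_v5(sample_datagram()))
```

A length of 1416 corresponds to a 24-byte header plus 29 records, so the packet sizes in the capture are at least consistent with v5 export reaching the collector's socket.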