Hi,
I hope that someone can help me with capturing version 5 NetFlow.
I installed flow-tools 0.68.1 successfully on SUSE 10.0.
My command for capturing data is:
  /usr/bin/flow-capture -w /var/log/netflow 0/0/2055 -V 5 - E1G -n 287 -N3
It works.
I see the tmp and ft-v05 files in /var/log/netflow, but when I try to see the collected data with flow-print, the result is like this:
  Start             End               Sif   SrcIPaddress    SrcP  DIf   DstIPaddress    DstP    P Fl Pkts       Octets
without data. (It seems like empty files.)
  
I have run tcpdump using the command line "tcpdump -ni port 2055", which shows traffic being received as below:
  09:27:20.852231 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
  09:27:20.852536 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
  
I ran netstat -lnp:
udp  0          flow-capture
  
In syslog: ...FLOW-TOOLS...setsockopt(size=4194304)
  
I also disabled the firewall.
When I run netcat (nc -l -u -p 2055), I get: can't grab 0.0.0.0:2055 with bind
I don't know what the problem is.
Thanks

       
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
