Do the following lines provide any clues:

Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu version not set.
Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu_verify(): src_ip=192.168.222.1 failed.

Kirk

On Fri, Jan 8, 2010 at 11:19 AM, Ed Ravin <[email protected]> wrote:
> On Fri, Jan 08, 2010 at 10:33:07AM -0600, Kirk Olson wrote:
> > flow-capture is running and tcpdump reports incoming udp packets but
> > files are not being written in the directory specified. I am using the
> > following command to start the capture:
> >
> > flow-capture -w /flows/mkflows 0/0/9800 -S5 -n287
>
> Put the "0/0/9800" last on the command line, after all the hyphenated
> options.
>
> Make sure the /flows/mkflows directory exists.
>
> Also, check with tcpdump that the incoming UDP packets are destined for
> port 9800.
>
> Check the syslogs for any errors from flow-capture.
>
> Use "lsof -p <pid-of-flow-capture>" to make sure flow-capture is listening
> to the right UDP port.
>
> If all else fails, use "strace -p <pid-of-flow-capture>" to trace through
> what it's doing or not doing.
>
_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
