Hi Chris,

On 04/04/2012 02:21 PM Chris Buechler wrote:
> On Wed, Apr 4, 2012 at 1:18 AM, Jan <[email protected]> wrote:
>> Hi,
>>
>> on my local pfSense installation running 2.0.1 I'm using pfflowd to send
>> netflow datagrams to a centralized collector, which works like a charm.
>>
>> However, pfflowd doesn't seem to include tcp flags as well. I already tried
>> switching between versions v5 and v9 but without any luck.
>>
>> Bug or feature?
>>
>
> Just how it works, it's exporting an entire session from the state
> table, so it had a SYN, SYN ACK, ACK, <misc other stuff and then
> closing the connection>.

For visualization I have an nfsen instance running on a virtualized Debian
squeeze box. nfsen utilizes the nfdump-utils to capture netflows from
devices, in this case from a CARP IP of my pfSense cluster (actually
only one node has pfflowd running).

First I thought that the problem might have been with the nfdump version, so
I tested different netflow collectors as well but got stuck with the same
result.

Here is some sample output from today's capture ... please note that
all flag bits are blank:
----------------------------------8<--------------------------------------
# nfdump -o "fmt:%fl %flg %ibyt %obyt" -r nfcapd.201204100925 -c 100 'proto tcp' | tail;
1 ...... 428 0
1 ...... 681 0
1 ...... 4872 0
1 ...... 780 0
1 ...... 4956 0
1 ...... 824 0
---------------------------------->8--------------------------------------
What am I missing here? Is this the desired behavior?
Cheers
Jan
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
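
Added example, not part of the original message and not code from pfflowd or nfdump: a small Python parser that reads the tcp_flags byte of each NetFlow v5 record directly from an export datagram, so the wire contents can be checked independently of any collector. The record layout is the standard v5 one; the sample datagram, addresses, ports and the helper names are constructed for illustration.

```python
import struct

# Standard NetFlow v5 layout: 24-byte header, then 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
FLAG_BITS = [(0x20, "U"), (0x10, "A"), (0x08, "P"), (0x04, "R"), (0x02, "S"), (0x01, "F")]


def render_flags(flags):
    """Render a flags byte as six characters (UAPRSF, '.' for an unset bit)."""
    return "".join(ch if flags & bit else "." for bit, ch in FLAG_BITS)


def tcp_flags_in_datagram(datagram):
    """Return (srcport, dstport, flags, octets) for each TCP record on the wire."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("too short for a NetFlow v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version field is %d)" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than its record count claims")
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        octets, srcport, dstport, flags, proto = rec[6], rec[9], rec[10], rec[12], rec[13]
        if proto == 6:  # TCP only; the field carries flags for TCP flows only
            flows.append((srcport, dstport, render_flags(flags), octets))
    return flows


def build_record(srcport, dstport, flags, octets, proto=6):
    """Construct one sample record (documentation addresses, made-up counters)."""
    return V5_RECORD.pack(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]), bytes(4),
                          0, 0, 5, octets, 0, 0, srcport, dstport,
                          0, flags, proto, 0, 0, 0, 0, 0, 0)


# Constructed datagram: one record with an all-zero flags byte, one with
# ACK|PSH|SYN|FIN (0x1b) set, and one UDP record that must be skipped.
SAMPLE = (V5_HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0)
          + build_record(49152, 443, 0x00, 428)
          + build_record(49153, 80, 0x1B, 681)
          + build_record(53000, 53, 0x00, 120, proto=17))

if __name__ == "__main__":
    for srcport, dstport, flags, octets in tcp_flags_in_datagram(SAMPLE):
        print(srcport, dstport, flags, octets)
```

Fed the UDP payload of an export packet captured on the collector, an all-dots flags column here means the zero byte is already present on the wire rather than being dropped by the collector's display.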
