On Tue, Apr 10, 2012 at 4:55 AM, Jan <[email protected]> wrote:
> Hi Chris,
>
> On 04/04/2012 02:21 PM Chris Buechler wrote:
>> On Wed, Apr 4, 2012 at 1:18 AM, Jan <[email protected]> wrote:
>>> Hi,
>>>
>>> on my local pfSense installation running 2.0.1 I'm using pfflowd to send
>>> netflow datagrams to a centralized collector, which works like a charm.
>>>
>>> However, pfflowd doesn't seem to include tcp flags as well. I already tried
>>> switching between versions v5 and v9 but without any luck.
>>>
>>> Bug or feature?
>>>
>>
>> Just how it works, it's exporting an entire session from the state
>> table, so it had a SYN, SYN ACK, ACK, <misc other stuff and then
>> closing the connection>.
>
> for visualization I got a nfsen instance running on a virtualized Debian
> squeeze box. nfsen utilizes the nfdump-utils to capture netflows from
> devices, such as in this case from a CARP IP of my pfSense cluster (actually
> only one node has pfflowd running).
>
> First I thought that the problem might have been with the nfdump version so
> I tested different netflow collectors as well but got stuck with the same
> result.
>
> Here you got some sample output from today's capture ... please note that
> all flag bits are blank:
>

It's just as I described; that's how it works. It doesn't set flags because there aren't specific flags on an entire TCP session. The flags portion of NetFlow is for different circumstances where you're exporting on a per-packet basis where flags actually can be determined; anything that exports the entire session isn't going to set flags.
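
The behaviour discussed in this thread can be checked on the collector side. The following is an added example, not part of the original thread and not code from pfflowd or nfdump: a minimal NetFlow v5 parser that reports what share of TCP flows arrive with a non-zero `tcp_flags` byte. The datagrams, addresses and function names are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
FLAG_NAMES = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U"))

def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated records")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "tcp_flags": f[12], "proto": f[13]})
    return flows

def flags_str(bits):
    """Render the flags byte in UAPRSF order, '.' for an unset bit."""
    return "".join(n if bits & m else "." for m, n in reversed(FLAG_NAMES))

def tcp_flag_coverage(flows):
    """Fraction of TCP flows (proto 6) with a non-zero flags byte; None if no TCP."""
    tcp = [f for f in flows if f["proto"] == 6]
    if not tcp:
        return None
    return sum(1 for f in tcp if f["tcp_flags"]) / len(tcp)

def build_v5(records):
    """Constructed input: v5 datagram from (src, dst, sport, dport, flags, proto)."""
    out = HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, sport, dport, flags, proto in records:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           0, 0, 10, 1200, 0, 1000, sport, dport, 0, flags, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed samples: a session-level export (flags byte left at zero, as described
# in the thread) and an export where the flags byte is populated.
SESSION_EXPORT = build_v5([("192.0.2.10", "198.51.100.5", 51515, 443, 0x00, 6),
                           ("192.0.2.11", "198.51.100.5", 51516, 80, 0x00, 6)])
FLAGGED_EXPORT = build_v5([("192.0.2.10", "198.51.100.5", 51515, 443, 0x1B, 6),
                           ("192.0.2.12", "198.51.100.9", 40000, 22, 0x02, 6)])
```

A coverage of 0.0 across TCP flows from an exporter means flag-based analytics on that feed (for example, counting SYN-only flows) will see nothing and need a different data source.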
