The problem could be from iptables; as tcpdump behaves like it's between
iptables and the Internet, you can see traffic with tcpdump that iptables is
blocking. A nice, brief explanation, with diagram, is provided here:
"Who came first: iptables or tcpdump" (not my site)
http://mydebian.blogdns.org/?p=85
I only mention this because I've made this mistake several times when
setting up nfcapd.
Steven
On Wed, Jun 17, 2009 at 5:55 PM, fedora fedora <[email protected]> wrote:
> Hello everyone,
>
> I have been trying a whole day to get nfcapd to capture the netflow record
> without any luck, so I figured it is time to ask...
>
> The server I am using is running 64-bit Ubuntu 8.10 server edition, and
> netflow traffic is being sent over on port 10001.
>
> r...@sflow5:/nfdata/# nfcapd -V
> nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu, 21
> Feb 2008) $
> $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $
>
> the command I run
>
> "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata"
>
> The problem is, it seems that nfcapd is not seeing anything coming; all
> files generated are 276 bytes in size without any real data inside.
>
> Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows: 0,
> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
>
> I also tried another command, like
>
> "nfcapd -p 10001 -E", nothing happens,
>
> btw, I am sure the netflow traffic is being sent to this port; I ran a
> tcpdump on port 10001 and the captured file was successfully recognized by
> wireshark as netflow v5 data.
>
> What might be wrong? Why does nfsen see no netflow traffic at all?
>
> Any help will be greatly appreciated!
>
> FD
>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
>
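The point made in the reply above (tcpdump sees packets before iptables filters them), as an added example that is not part of the original thread: a simplified first-match walk over rules in `iptables -S INPUT` format, reporting what happens to a UDP flow-export packet after tcpdump has already captured it. The rule sets and addresses are constructed, and only `-p`, `-s`, `--dport` and `-j` are interpreted.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
KNOWN = ("-p", "-s", "--dport", "-j", "-m", "--reject-with")

def udp_verdict(rules_text, dport, src):
    """Return (verdict, deciding_line) for a new inbound UDP packet.

    Simplified model: rules using any option outside KNOWN (-i, conntrack
    state, negation, ...) or jumping to a user chain are skipped.
    """
    policy = "ACCEPT"  # built-in chain policy when no -P line is present
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts, i = {}, 2
        while i + 1 < len(tok) and tok[i] in KNOWN:
            opts[tok[i]] = tok[i + 1]
            i += 2
        if i < len(tok) or opts.get("-j") not in TERMINAL:
            continue  # unsupported match or non-terminal target
        if opts.get("-p", "udp") not in ("udp", "all"):
            continue
        if "-s" in opts and ipaddress.ip_address(src) not in \
                ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "--dport" in opts:
            lo, _, hi = opts["--dport"].partition(":")
            if not int(lo) <= dport <= int(hi or lo):
                continue
        return opts["-j"], line.strip()
    return policy, "-P INPUT " + policy

# Constructed rule set: tcpdump shows the exporter's packets, nfcapd logs "Flows: 0".
BLOCKING = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
# Same rules plus an allow for one exporter (192.0.2.10 is a documentation address).
FIXED = BLOCKING + "-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 10001 -j ACCEPT\n"

if __name__ == "__main__":
    print(udp_verdict(BLOCKING, 10001, "192.0.2.10"))
    print(udp_verdict(FIXED, 10001, "192.0.2.10"))
```
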