No, nfcapd is the only process listening on that port, see the output below.
r...@sflow5:/var/log# lsof -i:10001
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
nfcapd 20805 root 3u IPv4 63305 UDP *:10001
On Thu, Jun 18, 2009 at 10:58 AM, Russell Dwarshuis <[email protected]> wrote:
> Is some other process already listening on that port? I would think that
> nfcap would complain about not being able to open the port (but maybe it
> doesn't).
>
>
> -Russell Dwarshuis
>
>
> On Thu, 18 Jun 2009, fedora fedora wrote:
>
> Thank for the replies, but the thing is,
>>
>> I don't have SELinux running, see below
>>
>> r...@sflow5:/nfdata# dmesg | egrep -i selinux
>> [ 0.010000] SELinux: Disabled at boot.
>>
>> Also right now I have on iptable firewall rules, and just to make sure, I
>> flush both NAT and general tables.
>>
>> The result is still same, no data at all.
>>
>> Why else should I check?
>>
>> Thanks!
>>
>> FD
>>
>> On Thu, Jun 18, 2009 at 12:45 AM, Peter Haag <[email protected]>
>> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> This is most likely an SElinux configuration problem. Check your SE
>>> policies.
>>> There should be some guidelines in the mailing list archive.
>>>
>>> - Peter
>>>
>>> fedora fedora wrote:
>>>
>>>> Hello everyone,
>>>>
>>>> I have been trying a whole day to get nfcapd to capture the netflow
>>>>
>>> record
>>>
>>>> without any luck, so I figured it is time to ask...
>>>>
>>>> The server i am using is running 64bit ubuntu 8.10 server edition, and
>>>> netflow traffic is being sent over on port 10001.
>>>>
>>>> r...@sflow5:/nfdata/# nfcapd -V
>>>> nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu,
>>>>
>>> 21
>>>
>>>> Feb 2008) $
>>>> $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $
>>>>
>>>> the command I run
>>>>
>>>> "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata"
>>>>
>>>> The problem is, it seems that nfcapd is not seeing anything coming, all
>>>> files generated are 276byte size without any real data inside.
>>>>
>>>> Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows:
>>>>
>>> 0,
>>>
>>>> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
>>>>
>>>> I also tried aother command, like
>>>>
>>>> "nfcapd -p 10001 -E", nothing happens,
>>>>
>>>> btw, I am sure the netflow traffic is being sent to this port, i run a
>>>> tcpdump on port 10001 and the catpured file was succefully recognized by
>>>> wireshark as netflow v5 data.
>>>>
>>>> What might be wrong? why nfsen sees no netflow traffic at all?
>>>>
>>>> Any help will be greatly appreciated!
>>>>
>>>> FD
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>
>>>> Crystal Reports - New Free Runtime and 30 Day Trial
>>>> Check out the new simplified licensing option that enables unlimited
>>>> royalty-free distribution of the report engine for externally facing
>>>> server and web deployment.
>>>> http://p.sf.net/sfu/businessobjects
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Nfdump-discuss mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>>>
>>>
>>> - --
>>> _______ SWITCH - The Swiss Education and Research Network ______
>>> Peter Haag, Security Engineer, Member of SWITCH CERT
>>> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
>>> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
>>> E-mail: [email protected] Web: http://www.switch.ch/
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.5 (Darwin)
>>>
>>> iQCVAwUBSjnUZf5AbZRALNr/AQJduwP/XbLtfrV8CLTwicZRx7aN+I8W3v5Uc/Ej
>>> H9RVtgmaIepCVbRVajdH9QUiHfxWQZrfFjqSb7NQWstlD1g7nqxh+o8Kx5fXFOGh
>>> AVHG2SWzQvcXK/JMCmSSe470jlgud9FVgwANPBjdhVCVxndP98O3e8GVZNuZUgz7
>>> Lx7qEqRjoTo=
>>> =0wvB
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
