Is some other process already listening on that port? I would think that
nfcap would complain about not being able to open the port (but maybe it
doesn't).
-Russell Dwarshuis
On Thu, 18 Jun 2009, fedora fedora wrote:
> Thank for the replies, but the thing is,
>
> I don't have SELinux running, see below
>
> r...@sflow5:/nfdata# dmesg | egrep -i selinux
> [ 0.010000] SELinux: Disabled at boot.
>
> Also right now I have on iptable firewall rules, and just to make sure, I
> flush both NAT and general tables.
>
> The result is still same, no data at all.
>
> Why else should I check?
>
> Thanks!
>
> FD
>
> On Thu, Jun 18, 2009 at 12:45 AM, Peter Haag <[email protected]> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> This is most likely an SElinux configuration problem. Check your SE
>> policies.
>> There should be some guidelines in the mailing list archive.
>>
>> - Peter
>>
>> fedora fedora wrote:
>>> Hello everyone,
>>>
>>> I have been trying a whole day to get nfcapd to capture the netflow
>> record
>>> without any luck, so I figured it is time to ask...
>>>
>>> The server i am using is running 64bit ubuntu 8.10 server edition, and
>>> netflow traffic is being sent over on port 10001.
>>>
>>> r...@sflow5:/nfdata/# nfcapd -V
>>> nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu,
>> 21
>>> Feb 2008) $
>>> $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $
>>>
>>> the command I run
>>>
>>> "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata"
>>>
>>> The problem is, it seems that nfcapd is not seeing anything coming, all
>>> files generated are 276byte size without any real data inside.
>>>
>>> Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows:
>> 0,
>>> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
>>>
>>> I also tried aother command, like
>>>
>>> "nfcapd -p 10001 -E", nothing happens,
>>>
>>> btw, I am sure the netflow traffic is being sent to this port, i run a
>>> tcpdump on port 10001 and the catpured file was succefully recognized by
>>> wireshark as netflow v5 data.
>>>
>>> What might be wrong? why nfsen sees no netflow traffic at all?
>>>
>>> Any help will be greatly appreciated!
>>>
>>> FD
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>> ------------------------------------------------------------------------------
>>> Crystal Reports - New Free Runtime and 30 Day Trial
>>> Check out the new simplified licensing option that enables unlimited
>>> royalty-free distribution of the report engine for externally facing
>>> server and web deployment.
>>> http://p.sf.net/sfu/businessobjects
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Nfdump-discuss mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>
>> - --
>> _______ SWITCH - The Swiss Education and Research Network ______
>> Peter Haag, Security Engineer, Member of SWITCH CERT
>> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
>> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
>> E-mail: [email protected] Web: http://www.switch.ch/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.5 (Darwin)
>>
>> iQCVAwUBSjnUZf5AbZRALNr/AQJduwP/XbLtfrV8CLTwicZRx7aN+I8W3v5Uc/Ej
>> H9RVtgmaIepCVbRVajdH9QUiHfxWQZrfFjqSb7NQWstlD1g7nqxh+o8Kx5fXFOGh
>> AVHG2SWzQvcXK/JMCmSSe470jlgud9FVgwANPBjdhVCVxndP98O3e8GVZNuZUgz7
>> Lx7qEqRjoTo=
>> =0wvB
>> -----END PGP SIGNATURE-----
>>
>
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
