Hi Nick,
I guess you have some packet filters somewhere on your system.
Wireshark reads network data at a very low level. System filters
or SELinux features follow up the chain and nfcapd sits on top of all.

This means something blocks your network data somewhere in your network
data chain.

Hope this helps.

        - Peter

On 4/10/12 7:14, Nicholas Mooney wrote:
> Hi
>
> I am having trouble receiving flows at nfcapd.
>
> I am exporting version 5 netflows (cflow) from a Juniper router. I am exporting
> them both to my PC running Wireshark and my nfcapd on port 9996. The interval
> is 5 and there is traffic on the interfaces involved.
>
> I simultaneously send the flows to Wireshark on my PC and it decodes them as
> version 5 flows properly.
>
> However, on the nfcapd I see no data being logged. If I run
> “nfcapd -E -p 9996 -I FW -l /data/nfsen/test/ -s 5” I don’t see any packets
> logged to STDOUT, even though I simultaneously see the packets hit the server
> (tcpport port 9996) and also I get the same flows sent to my PC at the same time.
>
> All I get is this:
>
> [root@ausydmon04 test]# nfcapd -E -p 9996 -I FW -l /data/nfsen/test/ -s 5
> File Block Header:
>   NumBlocks     =           0
>   Size          =           0
>  id             =           2
>
> Any idea where I could be going wrong? I am running nfcapd as root.
>
> [root@ausydmon04 test]# nfcapd -V
> nfcapd: Version: 1.6.6 $Date: 2012-03-11 11:57:45 +0100 (Sun, 11 Mar 2012) $
>
> Thanks, Nick.

-- 
--
Be nice to your netflow data

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
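
Added example, not part of the original thread and not nfdump code: a small Python probe that binds the collector port itself and reports whether a NetFlow v5 datagram actually reaches the socket layer, which is the point in the chain where nfcapd sits. The function names and the zero-filled sample datagram are constructed for illustration; port 9996 is the one used in the thread.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 export header
V5_RECORD_LEN = 48                       # each v5 flow record is 48 bytes

def parse_v5_header(datagram):
    """Return key header fields of a NetFlow v5 datagram, or raise ValueError."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short datagram: %d bytes" % len(datagram))
    (version, count, _uptime, secs, _nsecs,
     seq, _etype, _eid, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5: version=%d" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("length does not match record count %d" % count)
    return {"version": version, "count": count,
            "unix_secs": secs, "flow_sequence": seq}

def probe(sock, timeout=10.0):
    """Wait for one datagram on a bound UDP socket.

    Returns (exporter_ip, header) or None if nothing arrives in `timeout` s."""
    sock.settimeout(timeout)
    try:
        data, (addr, _port) = sock.recvfrom(65535)
    except socket.timeout:
        return None
    return addr, parse_v5_header(data)

def make_sample_v5(count=1, seq=42):
    """Constructed test datagram: valid header, zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 1000, 1349766840, 0, seq, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)

def loopback_selftest():
    """Send the constructed datagram to ourselves over 127.0.0.1."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(make_sample_v5(count=2), rx.getsockname())
    result = probe(rx, timeout=2.0)
    rx.close()
    tx.close()
    return result

if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("0.0.0.0", 9996))  # stop nfcapd first so the port is free
    print(probe(s) or "nothing reached the socket: check host packet filters")
```

If a capture on the collector host shows the exports arriving while this probe times out, the datagrams are being dropped between the capture point and the socket, which points at a host packet filter rather than at nfcapd.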