Hi Borja,

nfcapd collects flows sent from a netflow exporter, such as a router or other netflow generating device. The option --enable-readpcap is for debugging/development purposes only and lets nfcapd read pcaps, which have been collected elsewhere, but also traffic, which has been sent to an nfcapd collector - hence pcaps of netflow data. Therefore this option is not intended for productive use.

If you want your Debian box to generate netflow data from an interface and directly store netflow data accordingly, you need nfpcapd, the playmate of nfcapd :) This is --enable-nfpcapd. This code is to test and play with, although it works stably in the environments I use it in. Apart from that you may use softflowd or other flow generators reading your interface traffic and sending the generated netflow traffic to nfcapd.

Hope this helps

- Peter

On 13.04.16 14:16, Borja Luaces wrote:
> Hello all,
>
> First of all I have to say that I am new with nfdump-nfcapd.
>
> I am running a Debian system and have recompiled the nfdump package to be
> able to create netflow from a pcap.
>
> I have tested it and it does create the file but when I use nfdump -r file
> I see nothing :S it says no flows
>
> ==========
> nfcapd -f test.pcap -E -l .
>
> File Block Header:
> NumBlocks = 24
> Size = 568
> id = 2
>
> Ident: 'none' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 805
> Total ignored packets: 0
> Terminating nfcapd.
> ==========
>
> ls -al
>
> 1140 abr 13 14:05 nfcapd.201604131405
>
> ==========
>
> nfdump -r nfcapd.201604131405
>
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> Verify map id 2: ERROR: Expected 7 elements in map, but found 1!
> Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
> Time window: 2016-04-13 14:05:59 - 2016-04-13 14:10:59
> Total flows processed: 0, Blocks skipped: 0, Bytes read: 864
> Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 0.0
>
> ===========
>
> The pcap file is created in the wild just with some http traffic.
>
> In case it is needed, the process I have followed is the following one.
>
> create a temp folder and download the source
> modify the debian/rules and added --enable-readpcap
> modify the debian/control and add libpcap-dev
> install dependencies
> recompile
> install the new package
>
> What am I doing wrong? Because for sure I am doing something wrong xD
>
> Regards,
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

--
Be nice to your netflow data. Use NfSen and nfdump :)
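
The distinction Peter draws, as an added example that is not part of the original thread or of the nfdump code: a small check of whether a pcap holds flow-export datagrams (what nfcapd -f expects) or ordinary traffic such as HTTP, which is consistent with every packet in the question being counted under "Bad Packets". The function names, the version set {5, 9, 10}, port 9995 and the sample capture are assumptions constructed for illustration, and the version test is a heuristic, not nfcapd's own parsing.

```python
import struct

# Export versions checked here (v5, v9, IPFIX): an assumption of this sketch.
NETFLOW_VERSIONS = {5, 9, 10}

def looks_like_export(frame):
    """Heuristic: untagged Ethernet/IPv4/UDP frame whose payload starts with a
    NetFlow/IPFIX version number. IPv6 and VLAN tags are not handled."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    if frame[23] != 17:                      # IPv4 protocol field: 17 = UDP
        return False
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    payload = frame[14 + ihl + 8:]           # skip the 8-byte UDP header
    return len(payload) >= 2 and struct.unpack("!H", payload[:2])[0] in NETFLOW_VERSIONS

def classify_pcap(data):
    """Count frames in a classic pcap that look like flow exports vs. anything else."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (non-pcapng) pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = {"export": 0, "other": 0}, 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        counts["export" if looks_like_export(frame) else "other"] += 1
        off += 16 + incl_len
    return counts

def _frame(proto, l4):
    # Constructed Ethernet + IPv4 frame between documentation addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed capture: one HTTP request segment and one NetFlow v5 datagram."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 1024, 0, 0) + b"GET / HTTP/1.1\r\n\r\n"
    nf5 = struct.pack("!HH", 5, 0) + b"\x00" * 20   # 24-byte v5 header, zero records
    udp = struct.pack("!HHHH", 40001, 9995, 8 + len(nf5), 0) + nf5
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(6, tcp), _frame(17, udp)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(classify_pcap(sample_pcap()))
```

A capture that reports zero "export" frames is raw traffic and needs a flow generator in front of nfcapd, as described in the reply above.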