Hi Raman,
I'll have a look at your data.
Thx.
- Peter
On 07.12.18 17:49, Raman Poply wrote:
> Hi All,
>
> I know this probably isn’t an issue with nfcapd but I just wanted to reach
> out and see if anyone else had such an issue and could possibly point me in
> that right direction.
>
> I am trying to capture Netflow packets exported from a Cisco ASA using
> nfcapd. I noticed frequent sequence errors in the nfcapd logs (see
> nfcapd.log). To investigate the issue, I compiled nfdump with –enabled-devel
> flag and realized that the sequence
> errors occur whenever the ASA sends out the templates at its refresh interval
> which happens to be 1 minute in my case. It looks like the missing packets do
> arrive but in the wrong order which causes the sequence error (see
> nfcapd_devel.log). I did a
> packet capture on the interface and I can see the sequence errors in the pcap
> as well. The packet before the template refresh is fragmented and cannot be
> parsed as a Netflow packet (see eth0_9995.pcap).
>
> Version Information:
>
> * nfdump - NSEL-NEL1.6.17
> * Cisco ASA - 9.8(2)
> * Netflow - Version 9
>
>
> Please let me know if you need any other information. Any help would be
> appreciated. Thanks in advance!
>
> Raman
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
