You can always do a packet capture on your server to see the actual flow
packets. Most likely the flow packets are correct, but it takes some time
(5-30 minutes) until the routers send periodic flow template packets which
describe the data which is being sent. Without these template packets,
nfsen (and Wireshark for instance) will not decode the packets correctly
and will simply ignore them. I think there is a setting on the Cisco side
to enable periodic template "broadcast", but it would depend on platform
and IOS version.

On Wed, Nov 23, 2011 at 6:06 PM, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> I just set up nfsen 1.3.5 on OpenBSD, got the thing running and with only
> minimal effort got my colleague who controls the Cisco gear where the
> sensors live to enable export.
>
> The funny thing is, apparently the cisco gear reports no data:
>
> Nov 23 17:00:11 ma00617 nfcapd[19634]: Ident: 'lhgrs20-lo1601' Flows: 0,
> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
> Nov 23 17:00:11 ma00617 nfcapd[19634]: Ident: 'lhgrs21-lo1601' Flows: 0,
> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
> Nov 23 17:00:11 ma00617 nfcapd[19634]: Ident: 'upstream1' Flows: 0,
> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
>
> has anybody else seen something similar?
>
> - Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
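
The template dependency described in the reply above, as an added example that is not part of the original thread: a parser that walks export datagrams and reports which data flowsets a collector could decode. It assumes the exporters send NetFlow v9 (RFC 3954 layout); `classify_v9`, `header`, `demo` and the sample datagrams are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, uptime, unix_secs, sequence, source_id
SET_HEADER = struct.Struct("!HH")     # flowset id, flowset length (header included)

def classify_v9(payload, known):
    """Count flowsets in one NetFlow v9 UDP payload.

    known is a set of (source_id, template_id) pairs learned so far,
    updated in place the way a collector caches templates per exporter.
    """
    counts = {"templates": 0, "decodable": 0, "undecodable": 0}
    if len(payload) < V9_HEADER.size:
        raise ValueError("truncated export header")
    version, _, _, _, _, source_id = V9_HEADER.unpack_from(payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    off = V9_HEADER.size
    while off + SET_HEADER.size <= len(payload):
        set_id, set_len = SET_HEADER.unpack_from(payload, off)
        if set_len < SET_HEADER.size or off + set_len > len(payload):
            raise ValueError("flowset length runs past the datagram")
        body = payload[off + SET_HEADER.size:off + set_len]
        if set_id == 0:                       # template flowset
            counts["templates"] += 1
            pos = 0
            while pos + 4 <= len(body):
                template_id, field_count = struct.unpack_from("!HH", body, pos)
                if template_id < 256:         # padding, not a template record
                    break
                known.add((source_id, template_id))
                pos += 4 + 4 * field_count    # skip the (type, length) pairs
        elif set_id >= 256:                   # data flowset; its id names the template
            seen = (source_id, set_id) in known
            counts["decodable" if seen else "undecodable"] += 1
        off += set_len                        # id 1 (options template) is skipped here
    return counts

# Constructed sample datagrams (not captured traffic).
def header(sequence, source_id=1):
    return V9_HEADER.pack(9, 1, 1000, 1322067611, sequence, source_id)

# Template 256 with three fields: IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1)
TEMPLATE_SET = struct.pack("!HHHH6H", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
DATA_SET = struct.pack("!HH4s4sI", 256, 16, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 1500)

def demo():
    known = set()  # data first, then the template, then data again
    return [classify_v9(header(n) + s, known)
            for n, s in enumerate([DATA_SET, TEMPLATE_SET, DATA_SET])]
```

Fed the UDP payloads from a capture, a run of `undecodable` counts with no `templates` means the collector is still waiting for the exporter's next template refresh.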