Port zero means that the port IN THE FLOW is zero, i.e. the observed packet itself.
Sounds like it's not tcp/ip, or perhaps it's encapsulated such that the Cisco router isn't seeing a port #? -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Shamow Sent: Monday, June 30, 2003 8:09 PM To: [EMAIL PROTECTED] Subject: [Ntop] Netflow discard problem I've been having a problem with ntop collecting NetFlows from a Cisco device. The Cisco device is pointed at me, and I do appear to be receiving packets. However the "Netflows" table under "Total" tells me that I'm receiving nothing. When I check the Netflow plugin, I find the following info (see below). As far as I can tell the "port zero" rejection is supposed to be triggered when either the source or destination port is "zero" -- is this correct? If so I'm not sure what's happening, as the Cisco device is configured to send out the flows to port 2055 and they are clearly not originating from port zero. The table: Flow Senders 149.4.100.251 [57,952 pkts] 149.4.107.246 [26,227 pkts] Gives: # Pkts Received 84,179 Less: # Pkts with bad version 26,227 Gives: # Pkts processed 57,952 # Flows per packet(avg) 27.0 # Flows received 1,564,690 Less: # Flows with zero packet count 0 Less: # Flows with zero byte count 0 Less: # Flows with bad data 0 Gives: # Flows processed 1,564,690 Ignored Flows port zero 1564686 in handleIP() 0 Most recent problem flows (n) is consecutive count {n} is bytes Clich here to refresh this data. Any help is appreciated. Eric Shamow Asst. Director UNIX and Educational Technologies Office of Information Technology Office of the Provost Queens College of CUNY Flushing, NY 11367 _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
