Hello, I'm trying to use ntop in connection with the sflow plugin that is receiving sflow sample from our foundry bigiron switchrouter. Ntop is seeing a lot of packets but none of them seems to be valid and there is no data being shown :-((
Any ideas what to do? I've noticed that the agent-ip and the "datagramSourceIP" ntop is displaying are different. Maybe this is causing the problems? # NTOP's plugin information Flow Senders 80.242.254.3 [1,513 pkts] Number of Packets Received 1,513 Number of Packets with Bad Version 0 Number of Packets Processed 1,513 Number of Valid Flows Received 0 Number of v2 Flows Received 1,513 #The config on the switch is: sflow enable sflow agent-ip 80.424.222.2 sflow sample 1024 sflow destination 80.424.254.36 Interface eth 2/999 sflow forwarding #show sflow sFlow services are enabled. sFlow agent IP address: 80.424.222.2 2 collector destinations configured: Collector IP 80.424.254.36, UDP 6343 Polling interval is 20 seconds. Configured default sampling rate: 1 per 1024 packets. Actual default sampling rate: 1 per 2048 packets. 9122164 UDP packets exported 26106828 sFlow samples collected. sFlow ports: ethe 1/1 Module Sampling Rates --------------------- Slot 1 configured rate=1024, actual rate=2048 Port Sampling Rates ------------------- Port=1/1, configured rate=1024, actual rate=2048, Subsampling factor=1 When using the sflow-tools in connection with tcpdump I can see that there are a lot of sflow-samples incoming: ./sflowtool -t -d 6343 | tcpdump -r - -n reading from file -, link-type EN10MB (Ethernet) 15:01:33.000000 IP 222.31.82.51.80 > 212.164.69.193.52175: . 2486732777:2486734237(1460) ack 4034987638 win 6432 15:01:33.000000 IP 94.56.8.56.33478 > 87.254.67.34.27030: UDP, length: 55 15:01:33.000000 IP 99.56.241.150.1465 > 211.31.82.56.443: . ack 979389107 win 16896 15:01:33.000000 IP 44.177.91.91.27005 > 87.254.69.78.27100: UDP, length: 53 15:01:33.000000 IP 64.161.42.116.63172 > 87.254.65.215.27040: UDP, length: 25 15:01:33.000000 IP 49.55.81.211.61701 > 87.254.71.91.27015: UDP, length: 34 15:01:33.000000 IP 24.131.162.223.63349 > 87.254.76.44.27015: UDP, length: 51 The NTOP-Logfile is filled with data: Mar 24 15:14:34 localhost ntop[17152]: datagramSourceIP 3.254.424.80 Mar 24 15:14:34 localhost ntop[17152]: datagramSize 1200 Mar 24 15:14:34 localhost ntop[17152]: unixSecondsUTC 1143209674 Mar 24 15:14:34 localhost ntop[17152]: datagramVersion 2 Mar 24 15:14:34 localhost ntop[17152]: agent 80.424.222.2 Mar 24 15:14:34 localhost ntop[17152]: packetSequenceNo 31684 Mar 24 15:14:34 localhost ntop[17152]: sysUpTime 729859000 Mar 24 15:14:34 localhost ntop[17152]: samplesInPacket 5 Mar 24 15:14:34 localhost ntop[17152]: startSample ---------------------- Mar 24 15:14:34 localhost ntop[17152]: sampleType_tag 0:1 Mar 24 15:14:34 localhost ntop[17152]: sampleType FLOWSAMPLE Mar 24 15:14:34 localhost ntop[17152]: sampleSequenceNo 179234 Mar 24 15:14:34 localhost ntop[17152]: sourceId 0:1 Mar 24 15:14:34 localhost ntop[17152]: meanSkipCount 2048 Mar 24 15:14:34 localhost ntop[17152]: samplePool 367071232 Mar 24 15:14:34 localhost ntop[17152]: dropEvents 0 Mar 24 15:14:34 localhost ntop[17152]: inputPort 1 Mar 24 15:14:34 localhost ntop[17152]: outputPort 1 Mar 24 15:14:34 localhost ntop[17152]: flowSampleType HEADER Mar 24 15:14:34 localhost ntop[17152]: headerProtocol 1 Mar 24 15:14:34 localhost ntop[17152]: sampledPacketSize 151 Mar 24 15:14:34 localhost ntop[17152]: headerLen 128 Mar 24 15:14:34 localhost ntop[17152]: headerBytes 00-90-69-CD-D4-3E-00-E0-52-AA-B9-00-08-00-45-00-00-89-CF-84-40-00-3F-11-04-2 1-54-FE-41-92-54-A3-7C-8B-69-A5-69-7D-00-75-D0-81-0C-63-00-00-7D-B7-00-00-31 -04-7B-0B-04-11-1F-0F-0D-39-8E-5C-30-80-8A-7E-4C-6A-DA-4D-14-50-56-25-2E-00- 22-08-48-13-20-49-17-F0-1C-2E-86-1E-12-4C-D8-D3-78-DA-AA-38-6E-F1-46-50-04-5 C-24-08-B8-CF-0E-58-50-0E-D3-1E-2F-CC-52-58-0E-8A-16-00-1B-74-40-AA-90-0E-9E -81 Mar 24 15:14:34 localhost ntop[17152]: dstMAC 009069cdd43e Mar 24 15:14:34 localhost ntop[17152]: srcMAC 00e052aab900 Mar 24 15:14:34 localhost ntop[17152]: IPSize 137 Mar 24 15:14:34 localhost ntop[17152]: ip.tot_len = 137 Mar 24 15:14:34 localhost ntop[17152]: srcIP 87.254.65.146 Mar 24 15:14:34 localhost ntop[17152]: dstIP 87.163.124.139 Mar 24 15:14:34 localhost ntop[17152]: IPProtocol 17 Mar 24 15:14:34 localhost ntop[17152]: IPTOS 0 Mar 24 15:14:34 localhost ntop[17152]: IPTTL 63 Mar 24 15:14:34 localhost ntop[17152]: UDPSrcPort 27045 Mar 24 15:14:34 localhost ntop[17152]: UDPDstPort 27005 Mar 24 15:14:34 localhost ntop[17152]: UDPBytes 117 Mar 24 15:14:34 localhost ntop[17152]: extendedType SWITCH Mar 24 15:14:34 localhost ntop[17152]: in_vlan 991 Mar 24 15:14:34 localhost ntop[17152]: in_priority 0 Mar 24 15:14:34 localhost ntop[17152]: out_vlan 907 Mar 24 15:14:34 localhost ntop[17152]: out_priority 0 Mar 24 15:14:34 localhost ntop[17152]: extendedType ROUTER Mar 24 15:14:34 localhost ntop[17152]: nextHop 212.18.11.121 Mar 24 15:14:34 localhost ntop[17152]: srcSubnetMask 18 Mar 24 15:14:34 localhost ntop[17152]: dstSubnetMask 10 Mar 24 15:14:34 localhost ntop[17152]: extendedType GATEWAY Mar 24 15:14:34 localhost ntop[17152]: my_as 21501 Mar 24 15:14:34 localhost ntop[17152]: src_as 12345 Mar 24 15:14:34 localhost ntop[17152]: src_peer_as 12345 Mar 24 15:14:34 localhost ntop[17152]: dst_as 3320 Mar 24 15:14:34 localhost ntop[17152]: dst_peer_as 34066 Mar 24 15:14:34 localhost ntop[17152]: dst_as_path_len 2 Mar 24 15:14:34 localhost ntop[17152]: dst_as_path Mar 24 15:14:34 localhost ntop[17152]: 34066 Mar 24 15:14:34 localhost ntop[17152]: 3320 Mar 24 15:14:34 localhost ntop[17152]: Mar 24 15:14:34 localhost ntop[17152]: endSample ---------------------- Thanks for your help in advance, Gunther [Ips have been modified before posting to this public mailinglist] _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
