Hello ntop list! Cisco has recently opened up Netflow support on the entire range of their ASA firewalls (previously only available on the top-end gear) and since I've got an ASA firewall here I thought I'd give it a whirl.
It looks like ntop is receiving the flow, but it is discarding a large number of the datagrams. Particularly, it seems to not understand 2/3s of the templates that are sent. It seems that the system is not collecting any network data from this flow, as no data is viewable on any of the report pages. I have sniffed the traffic and made sure that the traffic really is getting to ntop.

Below is the Netflow Statistics page. It seems interesting that the Valid Flows Received is the same number as the Flows with Zero Packet Count number - these definitely increase together over time so it isn't a coincidence that they're the same.

Flow Senders                               192.168.2.1 [82 pkts]
Packets Received                           82
Packets with Bad Version                   0
Packets Processed                          82
Valid Flows Received                       134
Average Number of Flows per Packet         3.9
V1 Flows Received                          0
V5 Flows Received                          0
V7 Flows Received                          0
V9 Data Flows Received                     134
V9 Option Flows Received                   0
Total V9 Templates Received                61
Bad V9 Templates Received                  3
V9 Flows with Unknown Templates Received   55

Discarded Flows
Flows with Zero Packet Count               134
Flows with Zero Byte Count                 0
Flows with Bad Data                        0
Flows with Unknown Template                55
Total Number of Flows Processed            0

I've compiled version 3.3.10, running on Ubuntu 9.04. I actually had intended to run this same configuration on an older machine of mine - a Ubuntu 7.10 host running 3.2 - it also shows these same results.

I've got a non-production system here to test with if someone can help aim me in a direction.

Thanks!
pw
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
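
Added example, not part of the original post and not ntop code: a minimal NetFlow v9 (RFC 3954) walker that can be run over a captured datagram to list the templates the exporter announces, flag templates that carry no packet counter (IN_PKTS, field type 2), and flag data FlowSets that reference a template not yet seen. The sample datagram and its template IDs are constructed; that the ASA's templates omit IN_PKTS is an assumption to check against the capture, not something the post establishes.

```python
import struct

IN_PKTS = 2  # field type number for the packet counter in RFC 3954

def parse_v9(packet, templates=None):
    """Walk one NetFlow v9 datagram; return (templates, findings)."""
    templates = {} if templates is None else templates
    findings = []
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    off = 20  # fixed header: version, count, uptime, secs, sequence, source id
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            findings.append(("bad_flowset_length", fs_id))
            break
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet: one or more template records
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or nfields == 0 or end > len(body):
                    findings.append(("bad_template", tid))
                    break
                fields = [struct.unpack_from("!HH", body, p)
                          for p in range(pos + 4, end, 4)]
                templates[tid] = fields
                if all(ftype != IN_PKTS for ftype, _ in fields):
                    findings.append(("template_without_IN_PKTS", tid))
                pos = end
        elif fs_id > 255 and fs_id not in templates:
            findings.append(("data_for_unknown_template", fs_id))
        off += fs_len
    return templates, findings

def sample_packet():
    """Constructed datagram: two templates, then data for an unannounced one."""
    header = struct.pack("!HHIIII", 9, 3, 1000, 1250000000, 1, 0)
    t256 = struct.pack("!HH6H", 256, 3, 8, 4, 12, 4, IN_PKTS, 4)
    t257 = struct.pack("!HH4H", 257, 2, 8, 4, 12, 4)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(t256) + len(t257)) + t256 + t257
    data_fs = struct.pack("!HH", 300, 12) + bytes(8)
    return header + tmpl_fs + data_fs

if __name__ == "__main__":
    for kind, ident in parse_v9(sample_packet())[1]:
        print(kind, ident)
```

Pass the same `templates` dict to successive calls so that templates learned from earlier datagrams are remembered when later data FlowSets arrive.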
