Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
The only thing I can configure on the NetVanta are the frequency of templates. Nothing else on what is and isn't included on the export. I'll look for docs. Are there specific elements you're looking for or an example of what is non-standard? I can try to do the research work. Thanks for looking... Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Luca Deri Sent: Monday, June 22, 2009 3:37 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Davide I have started the analysis of the flows you sent me. Flows contain some fields that are not standard. Jeremy (Campbell) instead has sent me flows that are very different although seem to be generated on the same box. Now the questions are - can you configure the netflow export format? - do you have any docs/URL I can look at for understanding the meaning of the custom flows? Thanks Luca Davide Lorenzetti wrote: Templates included. - Original Message - From: Luca Derimailto:d...@ntop.org To: ntop@unipi.itmailto:ntop@unipi.it Sent: Tuesday, June 16, 2009 12:36 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Davide thanks for your help. If you open the file with wirshark it says that template is missing (as ntop says). Can you please capture a longer file until you see a template? Or perhaps you have something to configure in the router to export the templates? Luca ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
Davide I have started the analysis of the flows you sent me. Flows contain some fields that are not standard. Jeremy (Campbell) instead has sent me flows that are very different although seem to be generated on the same box. Now the questions are - can you configure the netflow export format? - do you have any docs/URL I can look at for understanding the meaning of the custom flows? Thanks Luca Davide Lorenzetti wrote: Templates included. - Original Message - From: Luca Deri To: ntop@unipi.it Sent: Tuesday, June 16, 2009 12:36 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Davide thanks for your help. If you open the file with wirshark it says that template is missing (as ntop says). Can you please capture a longer file until you see a template? Or perhaps you have something to configure in the router to export the templates? Luca ___ Ntop mailing list Ntop@unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
No news? - Original Message - From: Davide Lorenzetti To: ntop@unipi.it Sent: Tuesday, June 16, 2009 9:33 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Templates included. - Original Message - From: Luca Deri To: ntop@unipi.it Sent: Tuesday, June 16, 2009 12:36 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Davide thanks for your help. If you open the file with wirshark it says that template is missing (as ntop says). Can you please capture a longer file until you see a template? Or perhaps you have something to configure in the router to export the templates? Luca Davide Lorenzetti wrote: - Original Message - From: Luca Deri d...@ntop.org To: ntop@unipi.it Sent: Monday, June 15, 2009 5:32 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Jeremy can you please capture some netflow packets (full size) and mail them to me so I can see what happens? Thanks Luca On Jun 15, 2009, at 4:46 PM, Jeremy Campbell wrote: It looks as though consistently 75-85% of flows get dropped with “Unknown Template” across all 20 of my Adtran Netvanta 3305’s. My Cisco’s don’t drop any… I’ve checked AOS (Adtran software) updates and errata and nothing is mentioned about NetFlow problems… Would someone be willing to take a look at a pcap and see if the Adtran is formatting out of spec or if nTop is handling something incorrectly? Can someone recommend another NetFlow server to try out and see if it has the same problem? Any other suggestions? Thanks… V9 Data Flows Received 83,919 V9 Option Flows Received 2,623 Total V9 Templates Received 5,262 V9 Flows with Unknown Templates Received 63,394 V9 Data Flows Received 133,610 V9 Option Flows Received 4,024 Total V9 Templates Received 8,257 Bad V9 Templates Received 6 V9 Flows with Unknown Templates Received 115,003 V9 Data Flows Received 83,688 V9 Option Flows Received 2,417 Total V9 Templates Received 4,875 V9 Flows with Unknown Templates Received 67,080 Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten Sent: Friday, June 12, 2009 10:55 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I can try v9 flows from Cisco on 3.3.10 and see what happens. My GUESS is Adtran is not formatting the records correctly. - Original Message - From: ntop-boun...@unipi.it ntop-boun...@unipi.it To: n...@listgateway.unipi.it n...@listgateway.unipi.it Sent: Fri Jun 12 09:29:40 2009 Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I'm running nTop v3.3.9 and getting many Unknown Templates collecting from an Adtran NetVanta 3305 using Netflow V9 (Only version supported by this router). There is no configurability on the Netvanta, so I'm looking for ways on the nTop side to get it to recognize the templates. Example statistics: Flow Senders 192.168.253.38 [9,919 pkts] Packets Received 9,919 Packets with Bad Version 0 Packets Processed 9,919 Valid Flows Received 16,674 Average Number of Flows per Packet 3.2 V1 Flows Received 0 V5 Flows Received 0 V7 Flows Received 0 V9 Data Flows Received 16,674 V9 Option Flows Received 496 Total V9 Templates Received 1,015 V9 Flows with Unknown Templates Received 15,365 Discarded Flows Flows with Zero Packet Count 0 Flows with Zero Byte Count 0 Flows with Bad Data 0 Flows with Unknown Template 15,365 Total Number of Flows Processed 16,674 Configuration on the NetVanta is very basic: ip flow export destination 10.100.0.143 2014 source eth 0/1 nTop debug output: Jun 12 09:26:21 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 2660 [displ=64][len=16488] Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received NetFlow packet(len=556)(deviceId=3) Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=20][len=44] Jun
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
Davide Lorenzetti wrote: No news? no time to look at it yet, sorry Stay tuned - Original Message - From: Davide Lorenzetti To: ntop@unipi.it Sent: Tuesday, June 16, 2009 9:33 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Templates included. - Original Message - From: Luca Deri To: ntop@unipi.it Sent: Tuesday, June 16, 2009 12:36 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Davide thanks for your help. If you open the file with wirshark it says that template is missing (as ntop says). Can you please capture a longer file until you see a template? Or perhaps you have something to configure in the router to export the templates? Luca Davide Lorenzetti wrote: - Original Message - From: "Luca Deri" d...@ntop.org To: ntop@unipi.it Sent: Monday, June 15, 2009 5:32 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Jeremy can you please capture some netflow packets (full size) and mail them to me so I can see what happens? Thanks Luca On Jun 15, 2009, at 4:46 PM, Jeremy Campbell wrote: It looks as though consistently 75-85% of flows get dropped with “Unknown Template” across all 20 of my Adtran Netvanta 3305’s. My Cisco’s don’t drop any… I’ve checked AOS (Adtran software) updates and errata and nothing is mentioned about NetFlow problems… Would someone be willing to take a look at a pcap and see if the Adtran is formatting out of spec or if nTop is handling something incorrectly? Can someone recommend another NetFlow server to try out and see if it has the same problem? Any other suggestions? Thanks… V9 Data Flows Received 83,919 V9 Option Flows Received 2,623 Total V9 Templates Received 5,262 V9 Flows with Unknown Templates Received 63,394 V9 Data Flows Received 133,610 V9 Option Flows Received 4,024 Total V9 Templates Received 8,257 Bad V9 Templates Received 6 V9 Flows with Unknown Templates Received 115,003 V9 Data Flows Received 83,688 V9 Option Flows Received 2,417 Total V9 Templates Received 4,875 V9 Flows with Unknown Templates Received 67,080 Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten Sent: Friday, June 12, 2009 10:55 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I can try v9 flows from Cisco on 3.3.10 and see what happens. My GUESS is Adtran is not formatting the records correctly. - Original Message - From: ntop-boun...@unipi.it ntop-boun...@unipi.it To: n...@listgateway.unipi.it n...@listgateway.unipi.it Sent: Fri Jun 12 09:29:40 2009 Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I'm running nTop v3.3.9 and getting many Unknown Templates collecting from an Adtran NetVanta 3305 using Netflow V9 (Only version supported by this router). There is no configurability on the Netvanta, so I'm looking for ways on the nTop side to get it to recognize the templates. Example statistics: Flow Senders 192.168.253.38 [9,919 pkts] Packets Received 9,919 Packets with Bad Version 0 Packets Processed 9,919 Valid Flows Received 16,674 Average Number of Flows per Packet 3.2 V1 Flows Received 0 V5 Flows Received 0 V7 Flows Received 0 V9 Data Flows Received 16,674 V9 Option Flows Received 496 Total V9 Templates Received 1,015 V9 Flows with Unknown Templates Received 15,365 Discarded Flows Flows with Zero Packet Count 0 Flows with Zero Byte Count 0 Flows with Bad Data 0 Flows with Unknown Template 15,365 Total Number of Flows Processed 16,674 Configuration on the NetVanta is very basic: ip flow export destination 10.100.0.143 2014 source eth 0/1 nTop debug output: Jun 12 09:26:21 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 2660 [displ=64][len=16488] Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received NetFlow packet(len=556)(deviceId=3) Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 258 [displ=20][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=64] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 257 [displ=64][len=72] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=136] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 258 [displ=1
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
Davide thanks for your help. If you open the file with wirshark it says that template is missing (as ntop says). Can you please capture a longer file until you see a template? Or perhaps you have something to configure in the router to export the templates? Luca Davide Lorenzetti wrote: - Original Message - From: "Luca Deri" d...@ntop.org To: ntop@unipi.it Sent: Monday, June 15, 2009 5:32 PM Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers Jeremy can you please capture some netflow packets (full size) and mail them to me so I can see what happens? Thanks Luca On Jun 15, 2009, at 4:46 PM, Jeremy Campbell wrote: It looks as though consistently 75-85% of flows get dropped with “Unknown Template” across all 20 of my Adtran Netvanta 3305’s. My Cisco’s don’t drop any… I’ve checked AOS (Adtran software) updates and errata and nothing is mentioned about NetFlow problems… Would someone be willing to take a look at a pcap and see if the Adtran is formatting out of spec or if nTop is handling something incorrectly? Can someone recommend another NetFlow server to try out and see if it has the same problem? Any other suggestions? Thanks… V9 Data Flows Received 83,919 V9 Option Flows Received 2,623 Total V9 Templates Received 5,262 V9 Flows with Unknown Templates Received 63,394 V9 Data Flows Received 133,610 V9 Option Flows Received 4,024 Total V9 Templates Received 8,257 Bad V9 Templates Received 6 V9 Flows with Unknown Templates Received 115,003 V9 Data Flows Received 83,688 V9 Option Flows Received 2,417 Total V9 Templates Received 4,875 V9 Flows with Unknown Templates Received 67,080 Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten Sent: Friday, June 12, 2009 10:55 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I can try v9 flows from Cisco on 3.3.10 and see what happens. My GUESS is Adtran is not formatting the records correctly. - Original Message - From: ntop-boun...@unipi.it ntop-boun...@unipi.it To: n...@listgateway.unipi.it n...@listgateway.unipi.it Sent: Fri Jun 12 09:29:40 2009 Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I'm running nTop v3.3.9 and getting many Unknown Templates collecting from an Adtran NetVanta 3305 using Netflow V9 (Only version supported by this router). There is no configurability on the Netvanta, so I'm looking for ways on the nTop side to get it to recognize the templates. Example statistics: Flow Senders 192.168.253.38 [9,919 pkts] Packets Received 9,919 Packets with Bad Version 0 Packets Processed 9,919 Valid Flows Received 16,674 Average Number of Flows per Packet 3.2 V1 Flows Received 0 V5 Flows Received 0 V7 Flows Received 0 V9 Data Flows Received 16,674 V9 Option Flows Received 496 Total V9 Templates Received 1,015 V9 Flows with Unknown Templates Received 15,365 Discarded Flows Flows with Zero Packet Count 0 Flows with Zero Byte Count 0 Flows with Bad Data 0 Flows with Unknown Template 15,365 Total Number of Flows Processed 16,674 Configuration on the NetVanta is very basic: ip flow export destination 10.100.0.143 2014 source eth 0/1 nTop debug output: Jun 12 09:26:21 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 2660 [displ=64][len=16488] Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received NetFlow packet(len=556)(deviceId=3) Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 258 [displ=20][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=64] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 257 [displ=64][len=72] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=136] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 258 [displ=136][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=180] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 257 [displ=180][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=220] Jun 12 09:26:22 pfc-flow ntop[43246]: Rcvd flow with UNKNOWN template 258 [displ=220][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
It looks as though consistently 75-85% of flows get dropped with “Unknown Template” across all 20 of my Adtran Netvanta 3305’s. My Cisco’s don’t drop any… I’ve checked AOS (Adtran software) updates and errata and nothing is mentioned about NetFlow problems… Would someone be willing to take a look at a pcap and see if the Adtran is formatting out of spec or if nTop is handling something incorrectly? Can someone recommend another NetFlow server to try out and see if it has the same problem? Any other suggestions? Thanks… V9 Data Flows Received 83,919 V9 Option Flows Received 2,623 Total V9 Templates Received 5,262 V9 Flows with Unknown Templates Received 63,394 V9 Data Flows Received 133,610 V9 Option Flows Received 4,024 Total V9 Templates Received 8,257 Bad V9 Templates Received 6 V9 Flows with Unknown Templates Received 115,003 V9 Data Flows Received 83,688 V9 Option Flows Received 2,417 Total V9 Templates Received 4,875 V9 Flows with Unknown Templates Received 67,080 Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten Sent: Friday, June 12, 2009 10:55 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I can try v9 flows from Cisco on 3.3.10 and see what happens. My GUESS is Adtran is not formatting the records correctly. - Original Message - From: ntop-boun...@unipi.it ntop-boun...@unipi.it To: n...@listgateway.unipi.it n...@listgateway.unipi.it Sent: Fri Jun 12 09:29:40 2009 Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I'm running nTop v3.3.9 and getting many Unknown Templates collecting from an Adtran NetVanta 3305 using Netflow V9 (Only version supported by this router). There is no configurability on the Netvanta, so I'm looking for ways on the nTop side to get it to recognize the templates. Example statistics: Flow Senders 192.168.253.38 [9,919 pkts] Packets Received 9,919 Packets with Bad Version 0 Packets Processed 9,919 Valid Flows Received 16,674 Average Number of Flows per Packet 3.2 V1 Flows Received 0 V5 Flows Received 0 V7 Flows Received 0 V9 Data Flows Received 16,674 V9 Option Flows Received 496 Total V9 Templates Received 1,015 V9 Flows with Unknown Templates Received 15,365 Discarded Flows Flows with Zero Packet Count 0 Flows with Zero Byte Count 0 Flows with Bad Data 0 Flows with Unknown Template 15,365 Total Number of Flows Processed 16,674 Configuration on the NetVanta is very basic: ip flow export destination 10.100.0.143 2014 source eth 0/1 nTop debug output: Jun 12 09:26:21 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 2660 [displ=64][len=16488] Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received NetFlow packet(len=556)(deviceId=3) Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=20][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=64] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=64][len=72] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=136] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=136][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=180] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=180][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=220] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=220][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=264] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=264][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=304] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=304][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=348] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=348][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=388] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=388][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=432] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=432][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=472] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=472][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=516] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=516][len=40] Any suggestions? I'm willing to put effort into helping nTop recognize the Netvanta templates if someone can point me in the right direction... Thanks
Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers
Jeremy can you please capture some netflow packets (full size) and mail them to me so I can see what happens? Thanks Luca On Jun 15, 2009, at 4:46 PM, Jeremy Campbell wrote: It looks as though consistently 75-85% of flows get dropped with “Unknown Template” across all 20 of my Adtran Netvanta 3305’s. My Cisco’s don’t drop any… I’ve checked AOS (Adtran software) updates and errata and nothing is mentioned about NetFlow problems… Would someone be willing to take a look at a pcap and see if the Adtran is formatting out of spec or if nTop is handling something incorrectly? Can someone recommend another NetFlow server to try out and see if it has the same problem? Any other suggestions? Thanks… V9 Data Flows Received 83,919 V9 Option Flows Received 2,623 Total V9 Templates Received 5,262 V9 Flows with Unknown Templates Received 63,394 V9 Data Flows Received 133,610 V9 Option Flows Received 4,024 Total V9 Templates Received 8,257 Bad V9 Templates Received 6 V9 Flows with Unknown Templates Received 115,003 V9 Data Flows Received 83,688 V9 Option Flows Received 2,417 Total V9 Templates Received 4,875 V9 Flows with Unknown Templates Received 67,080 Jeremy Campbell Premium Financing Specialists, Inc. From: ntop-boun...@unipi.it [mailto:ntop-boun...@unipi.it] On Behalf Of Gary Gatten Sent: Friday, June 12, 2009 10:55 AM To: ntop@unipi.it Subject: Re: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I can try v9 flows from Cisco on 3.3.10 and see what happens. My GUESS is Adtran is not formatting the records correctly. - Original Message - From: ntop-boun...@unipi.it ntop-boun...@unipi.it To: n...@listgateway.unipi.it n...@listgateway.unipi.it Sent: Fri Jun 12 09:29:40 2009 Subject: [Ntop] Collecting NetFlow from Adtran Netvanta 3305 routers I'm running nTop v3.3.9 and getting many Unknown Templates collecting from an Adtran NetVanta 3305 using Netflow V9 (Only version supported by this router). There is no configurability on the Netvanta, so I'm looking for ways on the nTop side to get it to recognize the templates. Example statistics: Flow Senders 192.168.253.38 [9,919 pkts] Packets Received 9,919 Packets with Bad Version 0 Packets Processed 9,919 Valid Flows Received 16,674 Average Number of Flows per Packet 3.2 V1 Flows Received 0 V5 Flows Received 0 V7 Flows Received 0 V9 Data Flows Received 16,674 V9 Option Flows Received 496 Total V9 Templates Received 1,015 V9 Flows with Unknown Templates Received 15,365 Discarded Flows Flows with Zero Packet Count 0 Flows with Zero Byte Count 0 Flows with Bad Data 0 Flows with Unknown Template 15,365 Total Number of Flows Processed 16,674 Configuration on the NetVanta is very basic: ip flow export destination 10.100.0.143 2014 source eth 0/1 nTop debug output: Jun 12 09:26:21 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 2660 [displ=64][len=16488] Jun 12 09:26:22 pfc-flow ntop[43246]: NETFLOW_DEBUG: Received NetFlow packet(len=556)(deviceId=3) Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=20] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=20][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=64] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=64][len=72] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=136] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=136][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=180] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=180][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=220] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=220][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=264] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=264][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=304] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=304][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=348] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=348][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=388] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=388][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=432] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257 [displ=432][len=40] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=472] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 258 [displ=472][len=44] Jun 12 09:26:22 pfc-flow ntop[43246]: Found FlowSet [displ=516] Jun 12 09:26:22 pfc-flow ntop[43246]:Rcvd flow with UNKNOWN template 257
