Date: Thu, 14 Jun 2007 13:54:51 -0400 From: George Uhl <george.uhl@gsfc.nasa.gov> To: freebsd-net@freebsd.org Subject: ng_netflow unable to capture data Message-ID: <p06210207c2970bf52632@[192.168.4.25]>
next in thread | raw e-mail | index | archive | help
I'm using a freebsd 6.2-RELEASE host as a passive monitor between two routers. I have a netoptics fiber tap that I use to split out the transmit signal from each router and I run them into two fiber interfaces on my host. With ng_eiface I've created a virtual ethernet interface that I use to combine the two transmit streams using ng_one2many. I can see the combined transmit streams on the virtual interface using tcpdump. However, I'm unable to capture netflow data. Any help would be appreciated. Script to set up netflow using netgraph: #!/bin/sh kldload ng_ether kldload ng_tee kldload ng_one2many kldload ng_netflow kldload ng_ksocket # ifaces accepting transmit streams from the routers ifconfig em2 promisc -arp up ifconfig em3 promisc -arp up # create a netgraph virtual interface and attach a tee node to it ngctl mkpeer . eiface hook ether ngctl mkpeer ngeth0: tee lower right ngctl name ngeth0:lower tee0 # bring up ngeth0 ifconfig ngeth0 promisc -arp up # create a one2many node, attach tapped interfaces to it and hook it to tee node ngctl mkpeer tee0: one2many left one ngctl name tee0:left o2m0 ngctl connect em2: o2m0: lower many0 ngctl connect em3: o2m0: lower many1 # hook up netflow to tap ngctl mkpeer tee0: netflow right2left iface0 ngctl name tee0:right2left flow0 # hook up netflow export to ksocket ngctl mkpeer flow0: ksocket export inet/dgram/udp ngctl msg flow0:export connect inet/127.0.0.1:4444 -- ----------------------------------------------- George Uhl ESDIS Network Prototyping Lab email: george.uhl@gsfc.nasa.gov phone: 301-614-5155
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p06210207c2970bf52632>