Date: Fri, 29 May 2015 16:26:26 +0300
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: "Eugene M. Zheganin" <emz@norma.perm.ru>
Cc: freebsd-net@freebsd.org
Subject: Re: ng_netflow
Message-ID: <20150529132626.GS73119@FreeBSD.org>
In-Reply-To: <556476EF.1090706@norma.perm.ru>
References: <556476EF.1090706@norma.perm.ru>

On Tue, May 26, 2015 at 06:36:47PM +0500, Eugene M. Zheganin wrote:
E> I'm using ng_netflow along with flow-tools to collect traffic statistics.
E> What is bothering me, is that I constantly see lost flow. What is even
E> more weird - is that ng_netflow and flow-capture are on the same host,
E> and are communicating via lo0:

Flows can be lost due to buffer overflows in the UDP socket, in the
interface queue, in the network itself. That's the nature of UDP.

E> May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30
E>
E> Plus I see weird IPs like "dst_ip=0.0.0.0" or "dst_ip=0.2.0.4".
E> Can someone point me what am I doing wrong ?

Not sure what traffic can cause that. You need to debug that.

-- 
Totus tuus, Glebius.
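A starting point for the debugging suggested above, as an added example that is not part of the original message or of flow-tools: it parses the four quoted ftpdu_seq_check() lines and, for each report, lists the other dst_ip values under which a sequence number inside the reported gap was logged as received. The function names are hypothetical, and 32-bit sequence wraparound is not handled.

```python
import re

# The four flow-capture syslog lines quoted in the message above, unwrapped.
LOG = """\
May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30
"""

PATTERN = re.compile(
    r"ftpdu_seq_check\(\): src_ip=(?P<src>\S+) dst_ip=(?P<dst>\S+) "
    r"d_version=(?P<ver>\d+) expecting=(?P<exp>\d+) received=(?P<rcv>\d+) "
    r"lost=(?P<lost>\d+)"
)


def parse(log):
    """Return one dict per ftpdu_seq_check() report, in log order."""
    reports = []
    for m in PATTERN.finditer(log):
        r = {"src": m["src"], "dst": m["dst"]}
        r.update({k: int(m[k]) for k in ("exp", "rcv", "lost")})
        reports.append(r)
    return reports


def cross_key_hits(reports):
    """For each report, list the dst_ip of other reports whose received
    sequence number falls inside this report's gap [expecting, received)."""
    out = []
    for r in reports:
        hits = [o["dst"] for o in reports
                if o["dst"] != r["dst"] and r["exp"] <= o["rcv"] < r["rcv"]]
        out.append((r["dst"], r["lost"], hits))
    return out


if __name__ == "__main__":
    for dst, lost, hits in cross_key_hits(parse(LOG)):
        note = ("gap overlaps sequence received under dst_ip " + ", ".join(hits)
                if hits else "no overlapping report in this excerpt")
        print(f"dst_ip={dst:<12} lost={lost:<7} {note}")
```

On the quoted lines, both lost=30 reports for dst_ip=0.0.0.0 start at a sequence number that the preceding report logged as received under a different dst_ip, which is worth checking against a full log before tuning socket buffers.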