Date: Fri, 21 Aug 2009 11:53:36 +0800 From: "Ren, James (China)" <James.Ren@britishcouncil.org.cn> To: <freebsd-questions@freebsd.org> Subject: data captured by fprobe but not shown on nfsen Message-ID: <BA344B7C748D08448AE70F9D1BA93A5B04BABE56@CN_BJS1B_MS004.britishcouncil.org>
next in thread | raw e-mail | index | archive | help
Dear=20all, =20 I=20started=20to=20use=20FreeBSD=20last=20week=20and=20encountered=20a=20f= ew=20problems.=20I'd be=20grateful=20if=20any=20of=20you=20could=20give=20a=20hand. =20 I=20installed=20FreeBSD=207.2=20on=20Dell=20GX520=20with=20two=20network=20= adaptors,=20one on-board=20and=20the=20other=20PCI=20addon.=20They=20are=20all=2010/100=20= baseT=20auto.=20The workstation=20has=202.8GHz=20CPU,=20512MB=20RAM=20and=2080G=20IDE=20Hard=20= disk. =20 The=20installation=20went=20successfully.=20After=20the=20FreeBSD=20was=20= installed,=20I firstly=20installed=20Apache22,=20then=20php5,=20and=20nfsen1.3=20includin= g=20Port Tracker.=20I=20have=20configured=20apache=20and=20nfsen=20properly=20so=20= that=20nfsen.php page=20could=20be=20viewed=20properly=20on=20other=20workstations=20within= =20the=20network. Now=20that=20I=20could=20see=20the=20diagrams=20generated=20by=20nfsen,=20= I=20then=20installed fprobe=20on=20the=20same=20workstation=20in=20hope=20to=20capture=20data=20= from=20one=20network interface=20and=20projected=20it=20as=20netflow=20for=20nfsen.=20Fprobe=20= was=20installed successfully. =20 I=20configured=20the=20on-board=20network=20card=20named=20as=20bge0=20as=20= dhcp=20client=20to receive=20ipv4=20address=20from=20DHCP=20in=20my=20network.=20I=20then=20c= onnected=20the=20other PCI=20network=20card=20named=20as=20vr0=20to=20my=20core=20Cisco=203560=20= switch.=20I=20configured on=20switch=20to=20monitor=20session=201=20to=20mirror=20g0/22=20rx=20traf= fic=20to=20g0/2=20which was=20connected=20to=20vr0.=20When=20I=20checked=20on=20the=20switch,=20sh= ow=20inter=20gi0/2=20and gi0/2=20counters.=20I=20could=20see=20the=20port=20was=20in=20monitoring=20= status=20and overnight=20about=2010G=20data=20had=20been=20sent=20to=20vr0.=20Physicall= y=20I=20could=20see the=20LED=20on=20vr0=20flickering=20madly=20showing=20the=20data=20were=20= transmitting. =20 I=20typed=20fprobe=20-i=20vr0=20127.0.0.1:9995=20and=20also=20fprobe=20-i=20= vr0 localhost:9995 =20 Here=20came=20the=20problem,=20when=20I=20typed=20tcpdump=20-n=20-i=20lo0=20= dst=20port=209995=20I could=20see=20any=20udp=20sent=20to=20port=209995,=20no=20matter=20how=20l= ong=20I=20waited. I=20then=20typed=20fprobe=20127.0.0.1:9995=20and=20fprobe=20localhost:9995= =20(Sorry=20I was=20not=20sure=20which=20one=20was=20correct.) This=20time=20tcpdump=20showed=20UDP=20traffic=20to=20port=209995=20and=20= nfsen=20did=20capture some=20data.=20However,=20after=20a=20night=20it=20only=20showed=20very=20= few=20traffic through,=20most=20of=20which=20were=20dns=20and=20broadcasting=20traffic!=20= So=20fprobe didn't=20get=20anything=20from=20vr0=20at=20all. =20 I=20have=20searched=20the=20web=20and=20checked=20the=20syntax=20for=20fpr= obe=20and=20manual didn't=20explain=20much=20in=20this. =20 Where=20was=20I=20getting=20wrong?=20Could=20anyone=20give=20me=20a=20hand= ? =20 =20 Regards, =20 James=20Ren =20 The=20British=20Council=20is=20the=20United=20Kingdom's=20international=20= organisation=20for=20educational=20opportunities=20and=20cultural=20relati= ons.=20We=20are=20a=20registered=20charity;=20209131=20(England=20and=20Wa= les)=20SC037733=20(Scotland).=20We=20build=20engagement=20and=20trust=20fo= r=20the=20UK=20through=20the=20exchange=20of=20knowledge=20and=20ideas=20b= etween=20people=20worldwide. This=20message=20is=20for=20the=20use=20of=20the=20intended=20recipient(s)= =20only.=20If=20you=20have=20received=20this=20message=20in=20error,=20ple= ase=20notify=20the=20sender=20and=20delete=20it.=20The=20British=20Council= =20accepts=20no=20liability=20for=20loss=20or=20damage=20caused=20by=20sof= tware=20viruses=20and=20you=20are=20advised=20to=20carry=20out=20a=20virus= =20check=20on=20any=20attachments=20contained=20in=20this=20message.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BA344B7C748D08448AE70F9D1BA93A5B04BABE56>