From: "Ren, James (China)"
Date: Fri, 21 Aug 2009 11:53:36 +0800
Delivered-To: freebsd-questions@freebsd.org
Subject: data captured by fprobe but not shown on nfsen

Dear all,

I started to use FreeBSD last week and encountered a few problems. I'd be grateful if any of you could give a hand.

I installed FreeBSD 7.2 on a Dell GX520 with two network adaptors, one on-board and the other a PCI add-on. They are all 10/100 baseT auto. The workstation has a 2.8GHz CPU, 512MB RAM and an 80G IDE hard disk.

The installation went successfully. After FreeBSD was installed, I first installed Apache22, then php5, and nfsen1.3 including Port Tracker. I have configured apache and nfsen properly so that the nfsen.php page could be viewed properly on other workstations within the network. Now that I could see the diagrams generated by nfsen, I then installed fprobe on the same workstation in the hope of capturing data from one network interface and projecting it as netflow for nfsen. Fprobe was installed successfully.

I configured the on-board network card, named bge0, as a dhcp client to receive an ipv4 address from DHCP in my network. I then connected the other PCI network card, named vr0, to my core Cisco 3560 switch. I configured monitor session 1 on the switch to mirror g0/22 rx traffic to g0/2, which was connected to vr0. When I checked on the switch (show inter gi0/2 and gi0/2 counters), I could see the port was in monitoring status and overnight about 10G of data had been sent to vr0. Physically I could see the LED on vr0 flickering madly, showing the data were transmitting.

I typed fprobe -i vr0 127.0.0.1:9995 and also fprobe -i vr0 localhost:9995

Here came the problem: when I typed tcpdump -n -i lo0 dst port 9995 I could see any udp sent to port 9995, no matter how long I waited. I then typed fprobe 127.0.0.1:9995 and fprobe localhost:9995 (Sorry, I was not sure which one was correct.) This time tcpdump showed UDP traffic to port 9995 and nfsen did capture some data. However, after a night it only showed very little traffic going through, most of which was dns and broadcast traffic! So fprobe didn't get anything from vr0 at all.

I have searched the web and checked the syntax for fprobe, and the manual didn't explain much on this.

Where was I going wrong? Could anyone give me a hand?

Regards,

James Ren