Date: Wed, 01 Jun 2005 11:10:15 -0700 From: Maksim Yevmenkin <maksim.yevmenkin@savvis.net> To: Matthew Reimer <mreimer@vpop.net> Cc: freebsd-net@freebsd.org Subject: Re: Packets don't flow from ng_netflow Message-ID: <429DFA07.7070500@savvis.net> In-Reply-To: <200506011103.41726.mreimer@vpop.net> References: <200506011103.41726.mreimer@vpop.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Reimer wrote: > I'm trying to use ng_netflow to monitor our network traffic but for some > reason NetFlow packets aren't emitted unless tcpdump is running on the > interface configured with ng_netflow. > > The box is running FreeBSD 4.11-STABLE and the latest ng_netflow from ports. > It has two NICs: the main NIC fxp0 which is configured for IP, and a second > NIC dc0 which is up but with no IP configuration. I've configured port > mirroring on our Cisco switch to tee all traffic going through our upstream > port to dc0: > > # ifconfig dc0 > dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > ether 00:04:5a:79:72:f7 > media: Ethernet autoselect (100baseTX <full-duplex>) > status: active > > netgraph config: > > + mkpeer dc0: netflow lower iface0 > + name dc0:lower netflow > + mkpeer netflow: ksocket export inet/dgram/udp > + msg netflow:export connect inet/192.168.1.2:1234 > > > The problem is that no NetFlow packets are emitted unless I run tcpdump on > dc0. Is this not a valid configuration? Or is there a bug in > netgraph/ng_netflow? nope. tcpdump(1) puts interface into promiscuous mode. by default your dc0 interface will only pick packets destined for it and/or broadcast packets. please use # ifconfig dc0 promisc thanks, max
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?429DFA07.7070500>