Date: Tue, 26 May 2015 18:36:47 +0500
From: "Eugene M. Zheganin" <emz@norma.perm.ru>
To: freebsd-net@freebsd.org
Subject: ng_netflow
Message-ID: <556476EF.1090706@norma.perm.ru>
Hi.
I'm using ng_netflow along with flow-tools to collect traffic statistics.
What is bothering me is that I constantly see lost flows. What is even
weirder is that ng_netflow and flow-capture are on the same host
and are communicating via lo0:
May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30
Plus I see weird IPs like "dst_ip=0.0.0.0" or "dst_ip=0.2.0.4".
Can someone point out what I am doing wrong?
I configure the netflow like this:
/usr/sbin/ngctl -f- <<-SEQ
mkpeer bge0: netflow lower iface0
name bge0:lower netflow
connect bge0: netflow: upper out0
connect bge1: netflow: lower iface1
connect bge1: netflow: upper out1
msg netflow: setconfig { iface=0 conf=63 }
msg netflow: setconfig { iface=1 conf=63 }
msg netflow: setmtu { mtu=16384 }
mkpeer netflow: ksocket export inet/dgram/udp
msg netflow:export connect inet/127.0.0.1:4444
name netflow:export ksocket
SEQ
By the way setting MTU to 16384 doesn't change the packet size as
tcpdump sees it on lo0.
Thanks.
Eugene.
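
Added example (not part of the original message, and not flow-tools code): a minimal NetFlow v5 sequence check showing how "expecting", "received" and "lost" values like those in the log above arise from the export header. The names SeqChecker, make_v5 and demo are hypothetical, keying the state on (exporter, engine_id) is an assumption, and the datagrams are constructed sample input.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 export header
V5_RECORD_LEN = 48                       # every v5 flow record is 48 bytes
MASK32 = 0xFFFFFFFF                      # flow_sequence is a 32-bit counter

def parse_v5_header(datagram):
    """Return (count, flow_sequence, engine_id); raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, _secs, _nsecs,
     seq, _engine_type, engine_id, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5: version=%d" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("length does not match record count")
    return count, seq, engine_id

class SeqChecker:
    """Track the next expected flow_sequence per (exporter, engine_id).
    Keying on that pair is an assumption of this example."""
    def __init__(self):
        self.expecting = {}

    def check(self, exporter, datagram):
        """Return the number of flows missing before this datagram."""
        count, seq, engine_id = parse_v5_header(datagram)
        key = (exporter, engine_id)
        expecting = self.expecting.get(key)
        # flow_sequence counts flows, so the next header should carry seq + count.
        self.expecting[key] = (seq + count) & MASK32
        if expecting is None:
            return 0                       # first datagram: nothing to compare
        return (seq - expecting) & MASK32  # modular, so counter wrap is not loss

def make_v5(seq, count, engine_id=0):
    """Constructed sample input: a v5 datagram with zero-filled records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq & MASK32, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)

def demo():
    """One 30-record datagram goes missing between two that arrive."""
    chk = SeqChecker()
    first = chk.check("127.0.0.1", make_v5(2033666416, 30))
    # The datagram starting at 2033666446 never arrives.
    second = chk.check("127.0.0.1", make_v5(2033666476, 30))
    return first, second, chk.expecting[("127.0.0.1", 0)]

if __name__ == "__main__":
    print(demo())
```

A datagram that arrives late (its sequence number below the expected one) shows up here as a gap close to 2^32, so a collector that alerts on loss should treat very large values as reordering or an exporter restart rather than as dropped flows.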
