[netflow-tools] Dropped flows?

Michael W. Lucas mwlucas at blackhelicopters.org
Sat Aug 5 00:44:00 EST 2006


Hi,

I'm running a box with four instances of softflowd, on four different
interfaces, pointing at four different networks.  syslog is reporting
lots of these errors:

Aug  3 12:09:48 ns1 flow-capture[705]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=1465693 received=1465702 lost=9
Aug  3 12:09:48 ns1 flow-capture[705]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=1465731 received=1465702 lost=4294967266
Aug  3 12:09:48 ns1 flow-capture[709]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=2620523 received=2620524 lost=1
Aug  3 12:09:48 ns1 flow-capture[709]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=2620526 received=2620528 lost=2

We got 34 of them in one arbitrary second.

Am I really losing 4294967266 flows, as that one message states, or
are the instances overlapping in some way?

Thanks,
==ml

PS: I leave for vacation today at 3PM, but decided I better get this
message out before I forget about it... as I'm getting lots of data, I
expect that this is either a bug or I'm using softflowd in an
unexpected way.


-- 
Michael W. Lucas	mwlucas at FreeBSD.org, mwlucas at BlackHelicopters.org
		http://www.BlackHelicopters.org/~mwlucas/
	    Latest book: PGP & GPG -- http://www.pgpandgpg.com
"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
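
Added example, not part of the original post and not flow-tools code: a parser for the ftpdu_seq_check() lines quoted above that separates forward sequence gaps from datagrams arriving behind the expected sequence number. The 32-bit wrap formula is an assumption inferred from the logged numbers; the function and field names are illustrative.

```python
import re

# The four syslog lines quoted in the message above, copied verbatim.
SAMPLE = """\
Aug  3 12:09:48 ns1 flow-capture[705]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=1465693 received=1465702 lost=9
Aug  3 12:09:48 ns1 flow-capture[705]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=1465731 received=1465702 lost=4294967266
Aug  3 12:09:48 ns1 flow-capture[709]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=2620523 received=2620524 lost=1
Aug  3 12:09:48 ns1 flow-capture[709]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=127.0.0.1 d_version=5 expecting=2620526 received=2620528 lost=2
"""

LINE_RE = re.compile(
    r"flow-capture\[(\d+)\]: ftpdu_seq_check\(\): .*?"
    r"expecting=(\d+) received=(\d+) lost=(\d+)"
)
U32_MAX = 0xFFFFFFFF  # NetFlow v5 sequence numbers are 32-bit unsigned

def classify(line):
    """Return a dict describing one ftpdu_seq_check() line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    pid, exp, rcv, lost = map(int, m.groups())
    if rcv >= exp:
        # Sequence jumped ahead: the gap is the number of flows not seen.
        kind, model = "forward_gap", rcv - exp
    else:
        # Sequence is behind what was expected. Assumed model: the logger
        # treats this as a 32-bit wrap, giving a value close to 2**32.
        kind, model = "behind_expected", (U32_MAX - exp) + rcv
    return {"pid": pid, "kind": kind, "distance": abs(rcv - exp),
            "logged_lost": lost, "matches_model": lost == model}

def summarize(text):
    """Per flow-capture PID: flows missed in forward gaps, backward events."""
    totals = {}
    for line in text.splitlines():
        r = classify(line)
        if r is None:
            continue
        t = totals.setdefault(r["pid"], {"forward_lost": 0, "behind_events": 0})
        if r["kind"] == "forward_gap":
            t["forward_lost"] += r["distance"]
        else:
            t["behind_events"] += 1
    return totals
```

On the quoted lines, the lost=4294967266 entry is a datagram whose sequence number is 29 behind the expected one, and the logged value equals (0xFFFFFFFF - expecting) + received.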


