[netflow-tools] Problem with pfflowd on freebsd 6.0
Sebastian Schwerdhoefer
sschwerdhoefer at multamedio.de
Wed Jan 25 02:05:48 EST 2006
Damien Miller schrieb am 2006-01-21 um 00:25 Uhr:
> Does tcpdump on the pfsync interface see delete events?
Hm...:
Directly listening at pfsync0 does not work (tcpdump: unsupported data
link type 121) and if I listen at the "syncdev", tcpdump or ethereal
does not decode the pfsync packets. Anyway I'll attach a commented
tcpdump output. Maybe you can decode it.
regards,
Sebastian Schwerdhoefer
11:34:10.466564 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:11.125427 IP 172.16.17.241 > 224.0.0.240: pfsync 92
11:34:11.126415 IP 172.16.17.241 > 224.0.0.240: pfsync 228
11:34:11.126422 IP 172.16.17.241 > 224.0.0.240: pfsync 92
11:34:11.127423 IP 172.16.17.241 > 224.0.0.240: pfsync 228
11:34:12.127270 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:13.128119 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:14.464950 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:15.465793 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:15.974669 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:15.975669 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:16.159600 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:16.342616 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:16.654566 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:16.752550 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:16.788545 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:17.788405 IP 172.16.17.241 > 224.0.0.240: pfsync 444
11:34:19.127201 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:20.325028 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:21.470885 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:22.471730 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:23.472587 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:24.473424 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:25.474272 IP 172.16.17.241 > 224.0.0.240: pfsync 444
11:34:26.475116 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:27.475965 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:28.476825 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:29.477657 IP 172.16.17.241 > 224.0.0.240: pfsync 444
### Here I started my browser and pfctl -ss reported the new states
11:34:30.478538 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:30.937397 IP 172.16.17.241 > 224.0.0.240: pfsync 444
11:34:30.948405 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:31.515314 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:31.522305 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:31.531302 IP 172.16.17.241 > 224.0.0.240: pfsync 1348
11:34:31.538301 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:31.539301 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:31.551299 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:31.565296 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:31.585294 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:31.587294 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:31.591292 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:31.611290 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:31.726274 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:32.481171 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:32.493161 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:32.679128 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:32.925090 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:32.948087 IP 172.16.17.241 > 224.0.0.240: pfsync 900
11:34:32.958134 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:32.969083 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:32.980082 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:32.987080 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:32.989080 IP 172.16.17.241 > 224.0.0.240: pfsync 900
11:34:32.990080 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:32.995078 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:33.011077 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.013079 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.013086 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.015076 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.019076 IP 172.16.17.241 > 224.0.0.240: pfsync 180
11:34:33.020075 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:33.047072 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.049070 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.061069 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.067068 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.070072 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:33.078084 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:33.090068 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.092068 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.095063 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.096064 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:33.097063 IP 172.16.17.241 > 224.0.0.240: pfsync 452
11:34:33.105062 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.120071 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.126059 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.149069 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.163058 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:33.487007 IP 172.16.17.241 > 224.0.0.240: pfsync 532
11:34:35.139763 IP 172.16.17.241 > 224.0.0.240: pfsync 444
11:34:36.483596 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:34:37.484453 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:38.485306 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:39.486153 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:40.487004 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:41.487842 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:42.488700 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:43.489549 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:44.490399 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:45.491243 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:46.492091 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:47.492935 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:48.493785 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:49.494633 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:50.495475 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:51.496320 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:52.497174 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:53.498025 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:54.498862 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:55.499717 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:56.500564 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:57.501409 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:58.502263 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:34:59.503112 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:00.503956 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:01.504799 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:02.505670 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:03.505466 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:04.507362 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:05.508193 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:06.509046 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:07.509889 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:08.510839 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:09.511582 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:10.512434 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:11.513289 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:12.514120 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:13.514971 IP 172.16.17.241 > 224.0.0.240: pfsync 356
### here the states dissapeared.
11:35:14.515815 IP 172.16.17.241 > 224.0.0.240: pfsync 356
11:35:15.516661 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:16.517510 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:17.518346 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:18.519201 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:19.520041 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:20.520889 IP 172.16.17.241 > 224.0.0.240: pfsync 268
11:35:21.521741 IP 172.16.17.241 > 224.0.0.240: pfsync 268
More information about the netflow-tools
mailing list