[netflow-tools] Input for softflowd from pcap file.
subramanian ramasamy
subra.tech at gmail.com
Tue Jul 10 05:20:50 EST 2007
Hi,
I am new to NetFlow and softflowd.
I ran softflowd with input from a pcap file which has a 20 min complete ssh
conversation between two machines. I ran tcpdump on the collector machine
and saved the NetFlow V9 traffic from softflowd. I saved the exported info
as dmp file and later examined using wireshark. I only see Template Flowset
and no Data Flowset.
Am I doing anything wrong?
Thanks,
Subra.
> softflowd -D -v 9 -r TCP_20min_conn.dmp -n 10.6.100.134:9992
softflowd v0.9.8 starting data collection
Exporting flows to [10.6.100.134]:9992
ADD FLOW seq:1 [10.1.1.40]:22 <> [10.1.5.46]:3123 proto:6
Shutting down after pcap EOF
Shutting down on user request
Starting expiry scan: mode -1
Queuing flow seq:1 (0x927d4c8) for expiry reason 3
Finished scan 1 flow(s) to be evicted
Flow 2/0: r 0 offset 190 type 0004 len 66(0x0042) flows 2
Sending flow packet len = 192
sent 1 netflow packets
EXPIRED: seq:1 [10.1.1.40]:22 <> [10.1.5.46]:3123 proto:6 octets>:5143 packets>:48 octets<:6324 packets<:46
start:2007-04-30T22:18:59.801 finish:2007-04-30T22:43:13.317 tcp>:1b tcp<:1b flowlabel>:00000000 flowlabel<:00000000 (0x927d4c8)
Number of active flows: 0
Packets processed: 94
Fragments: 0
Ignored packets: 0 (0 non-IP, 0 too short)
Flows expired: 1 (0 forced)
Flows exported: 1 in 1 packets (0 failures)
Expired flow statistics: minimum average maximum
Flow bytes: 11467 11467 11467
Flow packets: 94 94 94
Duration: 1453.52s 1453.52s 1453.52s
Expired flow reasons:
tcp = 0 tcp.rst = 0 tcp.fin = 0
udp = 0 icmp = 0 general = 0
maxlife = 0
over 2Gb = 0
maxflows = 0
flushed = 1
Per-protocol statistics: Octets Packets Avg Life Max Life
tcp (6): 11467 94 1453.52s 1453.52s
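For anyone checking a capture like the one above by hand rather than in Wireshark, here is a small NetFlow v9 decoder. It is an added example, not code from the post or from softflowd, and it follows the RFC 3954 layout: a 20-byte header, then flowsets, where FlowSet ID 0 carries templates, ID 1 carries options templates, and IDs of 256 and up are data flowsets whose records can only be decoded once the matching template has been seen. The sample packet is constructed here from the two directions of the flow in the EXPIRED line; the template id (1024) and the seven-field layout are assumptions, not what softflowd actually emits. Parsing the same packet with its template flowset removed shows how a data flowset is reported but left undecoded when the collector has no template for it.

```python
import socket
import struct
from typing import Dict, List, Optional, Tuple

# NetFlow v9 field type numbers (RFC 3954, section 8) for the subset used here.
FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
    8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
}

Template = List[Tuple[int, int]]  # (field type, field length) pairs


def decode_field(ftype: int, raw: bytes):
    """IPv4 address fields become dotted quads; everything else a big-endian int."""
    if ftype in (8, 12) and len(raw) == 4:
        return socket.inet_ntoa(raw)
    return int.from_bytes(raw, "big")


def parse_v9(packet: bytes, templates: Optional[Dict[int, Template]] = None) -> dict:
    """Parse one NetFlow v9 export packet.

    `templates` is the collector's template cache; passing the same dict for
    successive packets lets data flowsets be decoded with templates that
    arrived in an earlier packet.
    """
    if templates is None:
        templates = {}
    version, count, _uptime, _secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")

    flowsets = []
    offset = 20
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[offset:offset + 4])
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError(f"bad flowset length {fs_len} at offset {offset}")
        body = packet[offset + 4:offset + fs_len]

        if fs_id == 0:
            # Template flowset: one or more (template id, field count, fields...) entries.
            pos, ids = 0, []
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4])
                          for i in range(nfields)]
                pos += 4 * nfields
                templates[tid] = fields
                ids.append(tid)
            flowsets.append({"kind": "template", "id": fs_id, "templates": ids})
        elif fs_id == 1:
            flowsets.append({"kind": "options_template", "id": fs_id})
        elif fs_id >= 256:
            # Data flowset: the FlowSet ID is the template id that describes its records.
            fields = templates.get(fs_id)
            if fields is None:
                # Without the template the bytes cannot be interpreted, only counted.
                flowsets.append({"kind": "data", "id": fs_id, "records": None, "bytes": len(body)})
            else:
                rec_len = sum(flen for _, flen in fields)
                if rec_len == 0:
                    raise ValueError(f"template {fs_id} has zero-length records")
                records, pos = [], 0
                while pos + rec_len <= len(body):  # trailing bytes (< rec_len) are padding
                    rec = {}
                    for ftype, flen in fields:
                        rec[FIELD_NAMES.get(ftype, f"type_{ftype}")] = decode_field(ftype, body[pos:pos + flen])
                        pos += flen
                    records.append(rec)
                flowsets.append({"kind": "data", "id": fs_id, "records": records})
        else:
            flowsets.append({"kind": "reserved", "id": fs_id})
        offset += fs_len

    return {"count": count, "sequence": seq, "source_id": source_id, "flowsets": flowsets}


def build_sample_packet() -> bytes:
    """Constructed sample: one template (id 1024, assumed layout) plus two data records
    taken from the EXPIRED flow in the post (10.1.1.40:22 <> 10.1.5.46:3123, proto 6)."""
    template_fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 1024, len(template_fields))
    tmpl += b"".join(struct.pack("!HH", t, l) for t, l in template_fields)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl

    def record(src, dst, sport, dport, proto, octets, pkts):
        return (socket.inet_aton(src) + socket.inet_aton(dst)
                + struct.pack("!HHBII", sport, dport, proto, octets, pkts))

    recs = record("10.1.1.40", "10.1.5.46", 22, 3123, 6, 5143, 48)
    recs += record("10.1.5.46", "10.1.1.40", 3123, 22, 6, 6324, 46)
    pad = (-len(recs)) % 4  # data flowsets are padded to a 4-byte boundary
    data_fs = struct.pack("!HH", 1024, 4 + len(recs) + pad) + recs + b"\x00" * pad
    # header: version 9, count = 1 template + 2 data records, uptime, unix secs, seq, source id
    header = struct.pack("!HHIIII", 9, 3, 1000, 1177971793, 1, 0)
    return header + tmpl_fs + data_fs


def summarize(parsed: dict) -> List[str]:
    """One line per flowset, the view a collector-side check should give."""
    out = []
    for fs in parsed["flowsets"]:
        if fs["kind"] == "template":
            out.append(f"template flowset (templates {fs['templates']})")
        elif fs["kind"] == "data" and fs["records"] is None:
            out.append(f"data flowset {fs['id']}: {fs['bytes']} bytes, no template known")
        elif fs["kind"] == "data":
            out.append(f"data flowset {fs['id']}: {len(fs['records'])} records")
        else:
            out.append(f"{fs['kind']} flowset {fs['id']}")
    return out


if __name__ == "__main__":
    pkt = build_sample_packet()
    print("\n".join(summarize(parse_v9(pkt))))
    # Same packet with the 36-byte template flowset cut out: data arrives but cannot be decoded.
    print("\n".join(summarize(parse_v9(pkt[:20] + pkt[56:]))))
```

The second run in the `__main__` block is the situation to rule out on a real collector: if the templates went out in a packet the capture did not include (or the cache was flushed), every data flowset after it is reported as undecodable bytes rather than flows.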