Hi,

I am new to NetFlow and softflowd.

I ran softflowd with input from a pcap file which has a 20 min complete ssh conversation between two machines. I ran tcpdump on the collector machine and saved the NetFlow V9 traffic from softflowd. I saved the exported info as a dmp file and later examined it using Wireshark. I only see Template Flowset and no Data Flowset.

Am I doing anything wrong?

Thanks,
Subra.


> softflowd -D -v 9 -r TCP_20min_conn.dmp -n 10.6.100.134:9992
softflowd v0.9.8 starting data collection
Exporting flows to [10.6.100.134]:9992
ADD FLOW seq:1 [10.1.1.40]:22 <> [10.1.5.46]:3123 proto:6
Shutting down after pcap EOF
Shutting down on user request
Starting expiry scan: mode -1
Queuing flow seq:1 (0x927d4c8) for expiry reason 3
Finished scan 1 flow(s) to be evicted
Flow 2/0: r 0 offset 190 type 0004 len 66(0x0042) flows 2
Sending flow packet len = 192
sent 1 netflow packets
EXPIRED: seq:1 [10.1.1.40]:22 <> [10.1.5.46]:3123 proto:6 octets>:5143 packets>:48 octets<:6324 packets<:46 start:2007-04-30T22:18:59.801 finish:2007-04-30T22:43:13.317 tcp>:1b tcp<:1b flowlabel>:00000000 flowlabel<:00000000 (0x927d4c8)
Number of active flows: 0
Packets processed: 94
Fragments: 0
Ignored packets: 0 (0 non-IP, 0 too short)
Flows expired: 1 (0 forced)
Flows exported: 1 in 1 packets (0 failures)

Expired flow statistics:  minimum  average  maximum
 Flow bytes:    11467  11467  11467
 Flow packets:  94  94  94
 Duration:      1453.52s  1453.52s  1453.52s

Expired flow reasons:
 tcp = 0 tcp.rst = 0 tcp.fin = 0
 udp = 0 icmp = 0 general = 0
 maxlife = 0
 over 2Gb = 0
 maxflows = 0
 flushed = 1

Per-protocol statistics:  Octets  Packets  Avg Life  Max Life
 tcp (6):  11467  94  1453.52s  1453.52s
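
Added example, not part of the original post and not softflowd code: a small Python walker that lists the FlowSets in one NetFlow v9 UDP payload (layout per RFC 3954), so a captured export packet can be checked for Template and Data FlowSets independently of a dissector. The function names and the sample packet are constructed for illustration; the sample reuses the addresses and octet count from the log above.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length includes these 4 bytes)

def parse_templates(body):
    """Return {template_id: data_record_length} from a Template FlowSet body."""
    templates, off = {}, 0
    while off + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, off)
        off += 4
        if template_id < 256 or off + 4 * field_count > len(body):
            break  # trailing padding or a truncated template record
        fields = struct.unpack_from("!%dH" % (2 * field_count), body, off)
        templates[template_id] = sum(fields[1::2])  # odd slots hold field lengths
        off += 4 * field_count
    return templates

def walk_flowsets(payload, templates=None):
    """Summarise one v9 UDP payload as a list of (kind, flowset_id, record_count)."""
    templates = {} if templates is None else templates
    if len(payload) < HEADER.size or HEADER.unpack_from(payload)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    summary, off = [], HEADER.size
    while off + FLOWSET.size <= len(payload):
        flowset_id, length = FLOWSET.unpack_from(payload, off)
        if length < FLOWSET.size or off + length > len(payload):
            raise ValueError("bad FlowSet length %d at offset %d" % (length, off))
        body = payload[off + FLOWSET.size: off + length]
        if flowset_id == 0:
            found = parse_templates(body)
            templates.update(found)  # remember templates for later data FlowSets
            summary.append(("template", 0, len(found)))
        elif flowset_id >= 256:
            rec_len = templates.get(flowset_id)
            # Without the matching template the record count cannot be derived.
            summary.append(("data", flowset_id, len(body) // rec_len if rec_len else None))
        else:  # 1 = options template, 2-255 reserved
            summary.append(("options-template" if flowset_id == 1 else "reserved", flowset_id, None))
        off += length
    return summary

# Constructed sample: one template (id 1024: IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES)
# followed by one data FlowSet carrying a single 12-byte record.
SAMPLE = (
    HEADER.pack(9, 2, 0, 0, 1, 0)
    + FLOWSET.pack(0, 20) + struct.pack("!HH6H", 1024, 3, 8, 4, 12, 4, 1, 4)
    + FLOWSET.pack(1024, 16) + bytes([10, 1, 1, 40, 10, 1, 5, 46]) + struct.pack("!I", 5143)
)
```

Feed it the UDP payload of each exported datagram from the capture; passing the same `templates` dict across calls lets data FlowSets in later packets be counted against templates seen earlier.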