[Bug 1944] New: Wrong "Date flow start" and "Duration Proto" in version 9 with nfcapd
bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 19 17:00:05 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1944
Bug #: 1944
Summary: Wrong "Date flow start" and "Duration Proto" in version 9 with nfcapd
Classification: Unclassified
Product: softflowd
Version: -current
Platform: amd64
OS/Version: FreeBSD
Status: NEW
Severity: critical
Priority: P2
Component: softflowd
AssignedTo: djm at mindrot.org
ReportedBy: 8509985 at gmail.com
Hello, I'm from Russia, so please excuse my English.
We have:
1. Sensor:
# uname -a
FreeBSD HOST 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Sat Oct 8 16:37:12 MSD 2011 root at HOST:/usr/obj/usr/src/sys/MYKERNEL amd64
# date
Wed Oct 19 09:50:03 MSD 2011
# pkg_info | grep softflowd
softflowd-0.9.8_2 Softflowd is flow-based network traffic analyser with expor
The softflowd daemon is started like this:
/usr/local/sbin/softflowd -v 9 -i lan -n COLLECTOR:9998 -p /var/run/softflowd.lan.pid -c /var/run/softflowd.lan.ctl -m 819200 -t maxlife=20m -t general=20m -t tcp=20m
2. Collector
# uname -a
Linux COLLECTOR 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
# date
Wed Oct 19 09:49:48 MSD 2011
# nfcapd -V
nfcapd: Version: 1.6.1 $LastChangedDate: 2010-03-05 07:50:35 +0100 (Fri, 05 Mar 2010) $
$Id: nfcapd.c 51 2010-01-29 09:01:54Z haag $
The nfcapd collector is started like this:
/usr/local/bin/nfcapd -w -D -z -n SENSOR sensor_ip /tmp/netflowv9 -p 9998 -t 300 -u username -g usergroup -P /tmp/netflowv9/9998.pid -x /tmp/netflowv9/nfcapdmv -B 200000
So we get this:
# nfdump -r nfcapd.201110190940
Date flow start          Duration     Proto  Src IP Addr:Port      ->  Dst IP Addr:Port         Packets  Bytes  Flows
...
...
2011-08-30 16:16:29.631  4294958.395  TCP    10.7.8.51:3032        ->  194.186.138.86:55571     3        144    1
2011-08-30 16:16:29.631  4294958.395  TCP    10.7.8.51:3033        ->  85.234.28.15:40435       3        144    1
2011-08-30 16:16:29.631  4294958.395  TCP    10.7.8.51:3034        ->  85.143.60.93:37867       3        144    1
2011-08-30 16:31:20.713  4294591.301  UDP    10.7.8.51:39759       ->  213.142.50.205:28909     6        348    1
2011-08-30 16:31:22.295  4294965.814  TCP    10.7.8.223:59668      ->  83.149.29.243:8888       4        216    1
2011-08-30 16:31:22.295  4294965.814  TCP    83.149.29.243:8888    ->  10.7.8.223:59668         3        164    1
2011-08-30 16:16:31.643  4294958.359  TCP    10.7.8.51:3038        ->  82.151.198.182:49674     3        144    1
2011-08-30 16:31:22.728  4294419.301  UDP    10.7.8.51:39759       ->  178.70.190.49:47659      6        348    1
2011-10-19 09:34:09.998  0.000        UDP    10.7.8.51:39759       ->  95.32.209.62:10951       1        95     1
2011-10-19 09:34:09.998  0.000        UDP    10.7.8.51:39759       ->  94.45.20.135:35691       1        95     1
2011-10-19 09:34:09.998  0.000        UDP    10.7.8.51:39759       ->  95.31.31.38:42219        1        95     1
2011-10-19 09:34:09.998  0.000        UDP    10.7.8.51:39759       ->  95.134.28.165:49557      1        95     1
2011-08-30 16:31:23.415  4294966.609  TCP    10.7.8.51:4677        ->  95.72.152.15:59368       5        294    1
2011-08-30 16:31:23.415  4294966.609  TCP    95.72.152.15:59368    ->  10.7.8.51:4677           3        128    1
...
...
The "Date flow start" and "Duration" values are wrong ...
PS: The page http://www.freebsd.org/ru/ports/net-mgmt.html lists the port softflowd-0.9.8_2 as requiring the packages gettext-0.18.1.1, gmake-3.82 and libiconv-1.13.1_1, but we had not installed gmake-3.82 beforehand ... Could that be the reason?
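An added example, not part of the bug report and not code from softflowd or nfdump, that shows the arithmetic behind the numbers above. NetFlow v9 carries FIRST_SWITCHED and LAST_SWITCHED as 32-bit millisecond sysUptime counters, and a collector anchors them to the packet header's sysUptime and unix_secs. The reported durations are 2^32 ms minus a few seconds (4294958.395 s + 8.901 s = 4294967.296 s = 2^32 ms), and the reported start dates sit 49.7 days (2^32 ms) before the capture date, which is exactly what unsigned 32-bit subtraction produces when a record's FIRST_SWITCHED is slightly larger than the value it is subtracted from. The code decodes a constructed good record and a constructed bad record both the unsigned way and with a signed interpretation of the difference, and flags durations that are a wrapped small negative number. The header values, uptime, and the specific field offsets are assumptions chosen to reproduce the shape of the report (times here are UTC, so the report's 16:16:29.631 MSD appears as 12:16:29.631); why the exporter emitted such a record is not established by this example.

```python
"""Decode NetFlow v9 FIRST/LAST_SWITCHED timestamps and show how a 32-bit
unsigned wrap produces start times ~49.7 days in the past with durations
just under 4294967.296 s. Added example with constructed input values."""
from datetime import datetime, timedelta, timezone

UINT32 = 1 << 32                      # sysUptime, FIRST_SWITCHED, LAST_SWITCHED are 32-bit ms
WRAP_WINDOW_MS = 24 * 3600 * 1000     # durations within a day below 2^32 ms are treated as wrapped
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed export header (assumption): exported 2011-10-19 05:19:10 UTC (09:19:10 MSD),
# sensor up for 11 days at export time.
EXPORT_UNIX_SECS = int(datetime(2011, 10, 19, 5, 19, 10, tzinfo=timezone.utc).timestamp())
SYS_UPTIME_MS = 11 * 24 * 3600 * 1000

# Constructed flow records as (FIRST_SWITCHED, LAST_SWITCHED) in ms of sysUptime (assumption).
# "bad" has FIRST_SWITCHED 6.927 s beyond the header sysUptime and 8.901 s after LAST_SWITCHED.
SAMPLE_FLOWS = {
    "good": (SYS_UPTIME_MS - 20000, SYS_UPTIME_MS - 5000),
    "bad": (SYS_UPTIME_MS + 6927, SYS_UPTIME_MS - 1974),
}


def decode_unsigned(unix_secs, sys_uptime_ms, switched_ms):
    """Collector-style decode: unix_secs*1000 - (sysUptime - switched), the
    difference taken as an unsigned 32-bit value (it can never be negative)."""
    age_ms = (sys_uptime_ms - switched_ms) % UINT32
    return unix_secs * 1000 - age_ms


def decode_signed(unix_secs, sys_uptime_ms, switched_ms):
    """Same anchoring, but the 32-bit difference is read as signed, so a
    switched time slightly 'after' the header sysUptime lands a few seconds
    in the future rather than 2^32 ms in the past."""
    age_ms = (sys_uptime_ms - switched_ms) % UINT32
    if age_ms >= UINT32 // 2:
        age_ms -= UINT32
    return unix_secs * 1000 - age_ms


def decode_flow(unix_secs, sys_uptime_ms, first_ms, last_ms, decode=decode_unsigned):
    """Return (start_ms, end_ms, duration_ms) as absolute epoch milliseconds."""
    start = decode(unix_secs, sys_uptime_ms, first_ms)
    end = decode(unix_secs, sys_uptime_ms, last_ms)
    return start, end, end - start


def looks_wrapped(duration_ms):
    """True when a duration is a small negative number wrapped through 2^32 ms,
    i.e. the record's FIRST_SWITCHED is after its LAST_SWITCHED."""
    return UINT32 - WRAP_WINDOW_MS <= duration_ms < UINT32


def fmt(ms):
    """Format epoch milliseconds like nfdump: YYYY-MM-DD HH:MM:SS.mmm (UTC)."""
    return (EPOCH + timedelta(milliseconds=ms)).strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]


def analyse(name):
    """Decode one sample flow both ways and report the wrap diagnosis."""
    first, last = SAMPLE_FLOWS[name]
    u_start, u_end, u_dur = decode_flow(EXPORT_UNIX_SECS, SYS_UPTIME_MS, first, last)
    s_start, s_end, s_dur = decode_flow(EXPORT_UNIX_SECS, SYS_UPTIME_MS, first, last, decode_signed)
    return {
        "unsigned": (fmt(u_start), fmt(u_end), u_dur),
        "signed": (fmt(s_start), fmt(s_end), s_dur),
        "wrapped": looks_wrapped(u_dur),
    }


if __name__ == "__main__":
    for name in SAMPLE_FLOWS:
        r = analyse(name)
        print(f"{name}: unsigned start={r['unsigned'][0]} dur={r['unsigned'][2] / 1000:.3f}s "
              f"| signed start={r['signed'][0]} dur={r['signed'][2] / 1000:.3f}s "
              f"| wrapped={r['wrapped']}")
```

The signed decode does not "repair" the bad record: it reports a duration of -8.901 s, which is the honest reading of a record whose FIRST_SWITCHED is after its LAST_SWITCHED. The useful operational check is `looks_wrapped`, which lets a collector or a post-processing script separate these records from genuine long-lived flows instead of silently storing a start date seven weeks in the past.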