Hey folks,
First thing, thanks for putting together what appears to be a first-
rate and comprehensive collection of netflow processing tools. I'm
new to flow-tools but have previously used netflow in other
applications.
I'm stumped trying to get a simple test case working: running flow-
receive locally and then (again locally) running flow-gen piped to
flow-send. I can reproduce this issue on both a Fedora Core 5 box and
a CentOS 4.3 box.
Piping flow-gen to flow-print works fine:
[EMAIL PROTECTED] ~]# flow-gen -V5 | flow-print
srcIP dstIP prot srcPort dstPort octets packets
0.0.0.0 255.255.0.0 17 0 65280 1 1
0.0.0.1 255.255.0.1 17 1 65281 2 2
[...]
0.0.3.230 255.255.3.230 17 998 742 999 999
0.0.3.231 255.255.3.231 17 999 743 1000 1000
Now I run flow-receive, keeping a console open:
[EMAIL PROTECTED] ~]# flow-receive 0/0/9800 | flow-print
flow-receive: setsockopt(size=4194304)
In another console on the same box, I send test flows to localhost on
port 9800:
[EMAIL PROTECTED] ~]# flow-gen -V5 | flow-send -d5 0/127.0.0.1/9800
flow-send: processed 1000 flows
sys: seconds=0.004 flows/second=250000.000000
wall: seconds=0.014 flows/second=70831.562544
As soon as the test flows start hitting flow-receive, it prints many
lines of:
flow-receive: ftpdu_verify(): src_ip=127.0.0.1 failed.
Ctrl-C will exit flow-receive gracefully.
I am seeing this behavior using the binary i386 RPM package from the
Fedora Core 5 Extras repository as well as from an FC5 RPM I built
from the source RPM. I have the same problem on a CentOS 4.3 box w/
an RPM I recompiled for that distribution from the source RPM.
iptables is wide open and SELinux is disabled.
Any help would be greatly appreciated. It looks like ft is a great
package, and I'd really like it to work for me!
Regards,
Ben Feinstein, CISSP
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools