The culprit was my local iptables. I can't believe I overlooked
something that simple. Thanks to all for your assistance! ~Dwann
Dwann A. Hall
Information Technology Services
Kennesaw State University
[EMAIL PROTECTED]
>>> Jonathan Glass <[EMAIL PROTECTED]> 4/20/2007 8:00:10 AM
>>>
Dwann Hall wrote:
> [EMAIL PROTECTED] CUFlow-1.7]# /usr/local/netflow/bin/flow-stat -f10 <
> /var/netflow/ft/ft-v05.2007-04-19.142823-0400
> # --- ---- ---- Report Information --- --- ---
> #
> # Fields: Total
> # Symbols: Disabled
> # Sorting: None
> # Name: Source/Destination IP
> #
> # Args: /usr/local/netflow/bin/flow-stat -f10
> #
> #
> # src IPaddr dst IPaddr flows octets
> packets
> #
> [EMAIL PROTECTED] CUFlow-1.7]#
>
> The flow-capture statment is:
> [EMAIL PROTECTED] ft]# cat /etc/init.d/flow-capture-init
> #!/bin/sh
> # description: Start Flow-Capture
> # chkconfig: 2345 95 00
>
> case "$1" in
> 'start')
>
> /usr/local/netflow/bin/flow-capture -w /var/netflow/ft 0/0/2055 -S5
-V5
> -E1G -n 287 -N 0 -R /usr/local/netflow/bin/linkme
> touch /var/lock/subsys/startflows
> ;;
> 'stop')
>
> killall -9 /usr/local/netflow/bin/flow-capture
> rm -f /var/lock/subsys/startflows
> ;;
>
> *)
>
> echo "Usage: $0 { start | stop }"
> ;;
>
> esac
> exit 0
> [EMAIL PROTECTED] ft]#
>
>
>
> Dwann A. Hall
> Information Technology Services
> Kennesaw State University
> [EMAIL PROTECTED]
Just out of curiosity, what do your host-based firewall rules look
like?
Are any capture files being created, and if so, what are their
sizes?
Feel free to call me if you'd like to trade notes over the phone. I
have a flow collection box which handles 14K flow/second, writing them
out to 1.5TB of SAN storage, which I've had running for almost 2
years.
--
Jonathan Glass
Information Security Engineer III
OIT Information Security
Georgia Institute of Technology
258 4th St NW
Atlanta, Georgia 30332-0700
404-385-6900
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
