On my FreeBSD box:
#uname -rimp
9.1-STABLE amd64 amd64 GENERIC
flow_tools:
> pkg_info -x flow
Information for flow-tools-0.68_7:
The collector is ng_flow, started with:
/usr/sbin/ngctl mkpeer ipfw: netflow 30 iface0
/usr/sbin/ngctl name ipfw:30 netflow
/usr/sbin/ngctl msg netflow: setdlt {iface=0 dlt=12}
/usr/sbin/ngctl msg netflow: setifindex {iface=0 index=5}
/usr/sbin/ngctl msg netflow: settimeouts {inactive=15 active=150}
/usr/sbin/ngctl mkpeer netflow: ksocket export inet/dgram/udp
/usr/sbin/ngctl msg netflow:export connect inet/127.0.0.1:9995
And the ipfw rule:
02750 59239017674 33111253913522 ngtee 30 ip from any to any via em0
Exported with flow_fanout for flow_capture.
# ps axww | grep flow
15106 ?? Ss 2:50,08 /usr/local/bin/flow-fanout -p /var/run/flow-capture/flow-fanout.pid 127.0.0.1/0.0.0.0/9995 127.0.0.1/127.0.0.1/9556
16367 ?? Ss 11:28,63 /usr/local/bin/flow-capture -n 95 -N 3 -z 5 -S 5 -E270G -w /var/netflow -p /var/run/flow-capture/flow-capture.pid 127.0.0.1/0.0.0.0/9556
In the log files I see:
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=65.121.97.1 d_ver=5 pkts=1 flows=30 lost=0 reset=0 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=255.127.0.0 d_ver=5 pkts=1458 flows=43711 lost=21989 reset=1395 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=109.112.100.32 d_ver=5 pkts=446 flows=13380 lost=15933 reset=401 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=12.79.228.1 d_ver=5 pkts=4 flows=120 lost=0 reset=3 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=105.110.100.44 d_ver=5 pkts=465 flows=13950 lost=16443 reset=411 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=8.0.0.0 d_ver=5 pkts=88 flows=2611 lost=210 reset=85 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900 startup=1364227269 src_ip=127.0.0.1 dst_ip=82.111.119.115 d_ver=5 pkts=449 flows=13412 lost=11044 reset=409 filter_drops=0
What are those IPs in dst_ip: 65.121.97.1, 255.127.0.0, 109.112.100.32, etc.?
I tried starting flow_capture without flow_fanout and nothing changed.
Is it a flow_capture bug or a collector bug? Or maybe it's my fault in some config?
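
Added example, not part of the original message and not flow-tools code: a Python check that rejoins the wrapped STAT records shown above, flags every dst_ip other than the local address on the flow-capture command line, renders the four octets as text, and computes a loss ratio. Treating 127.0.0.1 as the only expected dst_ip and reading lost/(flows+lost) as the loss ratio are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: three STAT records in the shape of the log above,
# still wrapped across lines the way the mail client left them.
SAMPLE = """\
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900
startup=1364227269 src_ip=127.0.0.1 dst_ip=65.121.97.1 d_ver=5 pkts=1
flows=30 lost=0 reset=0 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900
startup=1364227269 src_ip=127.0.0.1 dst_ip=109.112.100.32 d_ver=5
pkts=446 flows=13380 lost=15933 reset=401 filter_drops=0
Mar 28 09:05:00 rubin flow-capture[16367]: STAT: now=1364439900
startup=1364227269 src_ip=127.0.0.1 dst_ip=82.111.119.115 d_ver=5
pkts=449 flows=13412 lost=11044 reset=409 filter_drops=0
"""

KV = re.compile(r"(\w+)=(\S+)")
COUNTERS = ("pkts", "flows", "lost", "reset", "filter_drops")
# Assumption: only the local address from the flow-capture arguments is expected.
EXPECTED_DST = {ipaddress.ip_address("127.0.0.1")}

def parse_stat(text):
    """Split on 'STAT:' so wrapped records are rejoined, then read key=value pairs."""
    records = []
    for chunk in text.split("STAT:")[1:]:
        rec = dict(KV.findall(chunk))
        for key in COUNTERS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def audit(records, expected_dst):
    """Report dst_ip values the collector should never see, with loss per record."""
    findings = []
    for rec in records:
        dst = ipaddress.ip_address(rec["dst_ip"])
        total = rec["flows"] + rec["lost"]
        findings.append({
            "dst_ip": str(dst),
            "unexpected": dst not in expected_dst,
            # Four printable octets mean the field reads as text, not an address.
            "printable": all(0x20 <= b < 0x7F for b in dst.packed),
            "as_text": dst.packed.decode("latin-1"),
            "loss_ratio": round(rec["lost"] / total, 3) if total else 0.0,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(parse_stat(SAMPLE), EXPECTED_DST):
        print(finding)
```
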