Matthew Reimer wrote:
I'm trying to use ng_netflow to monitor our network traffic but for some reason NetFlow packets aren't emitted unless tcpdump is running on the interface configured with ng_netflow.

The box is running FreeBSD 4.11-STABLE and the latest ng_netflow from ports. It has two NICs: the main NIC fxp0 which is configured for IP, and a second NIC dc0 which is up but with no IP configuration. I've configured port mirroring on our Cisco switch to tee all traffic going through our upstream port to dc0:

# ifconfig dc0
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:04:5a:79:72:f7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

netgraph config:

+ mkpeer dc0: netflow lower iface0
+ name dc0:lower netflow
+ mkpeer netflow: ksocket export inet/dgram/udp
+ msg netflow:export connect inet/192.168.1.2:1234


The problem is that no NetFlow packets are emitted unless I run tcpdump on dc0. Is this not a valid configuration? Or is there a bug in netgraph/ng_netflow?

nope. tcpdump(1) puts the interface into promiscuous mode. by default your dc0 interface will only pick up packets destined for it and/or broadcast packets. please use

# ifconfig dc0 promisc

thanks,
max
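
An added example, not part of the original thread: a shell check that reads the flag word from an ifconfig header line and tests the promiscuous bit, so a mirror-port sensor can be verified before relying on its NetFlow export. The function names and the second sample line are constructed for illustration; the first sample line is the dc0 output quoted above.

```shell
#!/bin/sh
# Constructed samples: the flags line from the post (no PROMISC), and the
# same line as it would look once the promiscuous bit (0x100) is set.
SAMPLE_BEFORE='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500'
SAMPLE_AFTER='dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500'

IFF_PROMISC=256   # 0x100, IFF_PROMISC in <net/if.h>

# flags_hex LINE: print the hex flag word from an ifconfig header line.
flags_hex() {
    printf '%s\n' "$1" | sed -n 's/^[^:]*: flags=\([0-9a-fA-F]*\)<.*/\1/p'
}

# is_promisc LINE: succeed if the promiscuous bit is set in the flag word.
# Returns 2 when the line carries no parsable flag word.
is_promisc() {
    hex=$(flags_hex "$1")
    [ -n "$hex" ] || return 2
    [ $(( 0x$hex & IFF_PROMISC )) -ne 0 ]
}

# mirror_status LINE: print "promisc" if the NIC passes all mirrored frames
# up the stack, "filtered" if it only accepts frames addressed to its own
# MAC plus broadcasts (the state in which ng_netflow saw no traffic).
mirror_status() {
    if is_promisc "$1"; then
        echo promisc
    else
        echo filtered
    fi
}

# check_iface NAME: the same test against a live interface (hypothetical
# helper; it reads the first line of the real ifconfig output).
check_iface() {
    mirror_status "$(ifconfig "$1" | head -n 1)"
}

mirror_status "$SAMPLE_BEFORE"   # filtered
mirror_status "$SAMPLE_AFTER"    # promisc
```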