[root@me ~]# ps -wef | grep nfcapd

root      3141  3121  0 09:15 pts/4    00:00:00 grep nfcapd

netflow  21408     1  0 Mar29 ?        00:00:00 nfcapd -D -l /var/cache/nfdump -w -S 2 -z -u netflow -g netflow -p 9995

 

 

From: Mon-Loi Perez [mailto:[email protected]] 
Sent: Monday, April 01, 2013 6:53 AM
To: Aaron
Cc: <[email protected]>
Subject: Re: [Nfdump-discuss] nfdump on centos 6 - my first time - assistance please

 

What is the version of your netflow? Do a $ ps -wef | grep nfcapd to see your 
nfcapd options. Or you can also try nfcapd -E for debugging, but make sure only 
1 instance of nfcapd is running.

 

Mon


On Mar 30, 2013, at 22:56, "Aaron" <[email protected]> wrote:

Hi All, I’m new to the list, and also new to nfdump/nfsen.  I have begun trying 
to install and get running nfdump, please provide guidance where you are 
able... I also haven’t begun installing nfsen since I thought that nfdump 
needed to work first before nfsen should be installed, and I am thinking that 
nfdump may not be working yet...let me know what you think.

 

I’m following the instructions on this site...  
http://www.3open.org/d/tips/install_nfdump_on_centos_5  ...the only thing I 
haven’t done on this site is the part at the bottom titled “init script for 
nfcapd” ...do I need to do that part?  If so how?

 

I’ve gotten through most all the steps and I see the following...it seems the 
files are being built but I don’t see anything in the files... 

 

I do know that my router is sending netflow exported data to udp 9995 since 
tcpdump on this host shows it arriving here.

 

[root@me ~]# ls -la /var/cache/nfdump/2013

total 12

drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 .

drwxr-xr-x. 3 netflow netflow 4096 Mar 30 10:45 ..

drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 03

 

[root@me ~]# ls -la /var/cache/nfdump/2013/03

total 16

drwxr-xr-x.  4 netflow netflow 4096 Mar 30 00:05 .

drwxr-xr-x.  3 netflow netflow 4096 Mar 29 09:45 ..

drwxr-xr-x. 17 netflow netflow 4096 Mar 29 23:05 29

drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 30

 

[root@me ~]# ls -la /var/cache/nfdump/2013/03/30

total 52

drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 .

drwxr-xr-x.  4 netflow netflow 4096 Mar 30 00:05 ..

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 01:00 00

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 02:00 01

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 03:00 02

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 04:00 03

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 05:00 04

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 06:00 05

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 07:00 06

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 08:00 07

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 09:00 08

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:00 09

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:45 10

 

[root@me ~]# ls -la /var/cache/nfdump/2013/03/30/10

total 44

drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:45 .

drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 ..

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:05 nfcapd.201303301000

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:10 nfcapd.201303301005

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:15 nfcapd.201303301010

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:20 nfcapd.201303301015

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:25 nfcapd.201303301020

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:30 nfcapd.201303301025

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:35 nfcapd.201303301030

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:40 nfcapd.201303301035

-rw-r--r--.  1 netflow netflow  276 Mar 30 10:45 nfcapd.201303301040

 

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301000

Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows

No matched flows

 

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301005

Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows

No matched flows

 

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301040

Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows

No matched flows

 

[root@me ~]# tcpdump -i eth0 -nn | grep -i 9995

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

10:51:56.504510 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 252

10:51:57.506593 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 880

10:51:59.510514 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 708

10:52:00.513018 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1336

10:52:00.513521 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513597 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513620 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513641 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513661 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1392

10:52:00.513722 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513754 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513805 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:00.513820 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 368

10:52:01.515624 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:01.516152 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:01.517030 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:01.517087 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:01.517100 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

10:52:01.517111 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452

^C114 packets captured

114 packets received by filter

0 packets dropped by kernel

 

 

Aaron

 

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
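
The checks used in this thread (a single nfcapd instance, the port it listens on, packets arriving for that port, capture files that never grow) can be scripted. The following is an added example, not part of the original messages or of nfdump; the function names and verdict strings are made up for illustration, and the 276-byte "no flows" file size is taken from the directory listing above, not from nfdump documentation.

```bash
#!/usr/bin/env bash
# Added example. Sample text is constructed from the output quoted in the thread.
PS_SAMPLE='root      3141  3121  0 09:15 pts/4    00:00:00 grep nfcapd
netflow  21408     1  0 Mar29 ?        00:00:00 nfcapd -D -l /var/cache/nfdump -w -S 2 -z -u netflow -g netflow -p 9995'
TCPDUMP_SAMPLE='10:51:56.504510 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 252
10:51:57.506593 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 880'

# Number of real nfcapd processes in `ps -ef` text on stdin (field 8 is the
# command, so the "grep nfcapd" line is not counted).
count_nfcapd() { awk '$8 ~ /(^|\/)nfcapd$/ { n++ } END { print n + 0 }'; }

# Value of the -p option of each nfcapd process found on stdin.
nfcapd_port() {
  awk '$8 ~ /(^|\/)nfcapd$/ { for (i = 9; i < NF; i++) if ($i == "-p") print $(i + 1) }'
}

# Packets per destination port in `tcpdump -nn` text on stdin, as "port count".
udp_dst_ports() {
  awk '$2 == "IP" && $4 == ">" { d = $5; sub(/:$/, "", d); n = split(d, a, /\./); c[a[n]]++ }
       END { for (p in c) print p, c[p] }' | sort -n
}

# Verdict for: $1 ps text, $2 tcpdump text, $3 capture directory,
# $4 byte size of a capture file that holds no flows (276 in the thread's
# listing; an input here because it is an observation, not a documented constant).
triage() {
  local n port seen total empty
  n=$(printf '%s\n' "$1" | count_nfcapd)
  [ "$n" -eq 0 ] && { echo "no-collector"; return; }
  [ "$n" -gt 1 ] && { echo "multiple-collectors"; return; }
  port=$(printf '%s\n' "$1" | nfcapd_port)
  port=${port:-9995}   # nfcapd listens on 9995 when -p is absent
  seen=$(printf '%s\n' "$2" | udp_dst_ports | awk -v p="$port" '$1 == p { print $2 }')
  [ -z "$seen" ] && { echo "no-packets-for-port-$port"; return; }
  total=$(find "$3" -type f -name 'nfcapd.*' | wc -l)
  empty=$(find "$3" -type f -name 'nfcapd.*' -size "${4}c" | wc -l)
  if [ "$total" -gt 0 ] && [ "$total" -eq "$empty" ]; then
    # The situation in the thread: files rotate, traffic arrives, nothing is stored.
    echo "packets-seen-but-all-$((total))-files-empty"
  else
    echo "ok"
  fi
}
```

On a live host the two text arguments would come from `ps -wef` and a short `tcpdump -i eth0 -nn` capture, as in the messages above.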
