Make sure you have opened all your firewall and SELinux rules.
tcpdump captures the packet before the kernel sees it. Therefore
something in the chain blocks your packets.
- Peter
On 30/3/13 3:56 PM, Aaron wrote:
> Hi All, I'm new to the list, and also new to nfdump/nfsen. I have begun
> trying to install and get running nfdump, please provide guidance where you
> are able... I also haven't begun installing nfsen since I thought that
> nfdump needed to work first before nfsen should be installed, and I am
> thinking that nfdump may not be working yet...let me know what you think.
>
>
>
> I'm following the instructions on this site...
> http://www.3open.org/d/tips/install_nfdump_on_centos_5 ...the only thing I
> haven't done on this site is the part at the bottom titled "init script for
> nfcapd" ...do I need to do that part? If so how?
>
>
>
> I've gotten through most all the steps and I see the following...it seems
> the files are being built but I don't see anything in the files...
>
>
>
> I do know that my router is sending netflow exported data to udp 9995 since
> tcpdump on this host shows it arriving here.
>
>
>
> [root@me ~]# ls -la /var/cache/nfdump/2013
> total 12
> drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 .
> drwxr-xr-x. 3 netflow netflow 4096 Mar 30 10:45 ..
> drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 03
>
>
>
> [root@me ~]# ls -la /var/cache/nfdump/2013/03
> total 16
> drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 .
> drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 ..
> drwxr-xr-x. 17 netflow netflow 4096 Mar 29 23:05 29
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 30
>
>
>
> [root@me ~]# ls -la /var/cache/nfdump/2013/03/30
> total 52
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 .
> drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 ..
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 01:00 00
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 02:00 01
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 03:00 02
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 04:00 03
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 05:00 04
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 06:00 05
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 07:00 06
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 08:00 07
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 09:00 08
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:00 09
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:45 10
>
>
>
> [root@me ~]# ls -la /var/cache/nfdump/2013/03/30/10
> total 44
> drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:45 .
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 ..
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:05 nfcapd.201303301000
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:10 nfcapd.201303301005
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:15 nfcapd.201303301010
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:20 nfcapd.201303301015
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:25 nfcapd.201303301020
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:30 nfcapd.201303301025
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:35 nfcapd.201303301030
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:40 nfcapd.201303301035
> -rw-r--r--. 1 netflow netflow 276 Mar 30 10:45 nfcapd.201303301040
>
>
>
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301000
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> No matched flows
>
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301005
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> No matched flows
>
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301040
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> No matched flows
>
>
>
> [root@me ~]# tcpdump -i eth0 -nn | grep -i 9995
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 10:51:56.504510 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 252
> 10:51:57.506593 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 880
> 10:51:59.510514 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 708
> 10:52:00.513018 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1336
> 10:52:00.513521 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513597 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513620 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513641 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513661 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1392
> 10:52:00.513722 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513754 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513805 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513820 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 368
> 10:52:01.515624 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.516152 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517030 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517087 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517100 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517111 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> ^C114 packets captured
> 114 packets received by filter
> 0 packets dropped by kernel
>
>
>
>
>
> Aaron
>
>
>
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
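
The reply's point, as an added example that is not part of the original thread: tcpdump taps packets ahead of netfilter's INPUT chain, so the capture on port 9995 does not show that nfcapd received anything. The script finds the first INPUT rule that decides a new UDP datagram to that port. The rulesets are constructed samples modelled on a stock CentOS ruleset (an assumption), and `first_verdict`, `sample_default` and `sample_fixed` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output: only ssh is allowed in,
# everything else hits the final REJECT.
sample_default() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Same ruleset with an ACCEPT for the collector port placed before the REJECT.
sample_fixed() {
    sample_default | awk '
        /-j REJECT/ { print "-A INPUT -p udp -m udp --dport 9995 -j ACCEPT" }
        { print }'
}

# first_verdict PORT IFACE < rules
# Simplified first-match model (assumption): evaluates -p, -i, --dport
# (single port or lo:hi range) and --state/--ctstate for a NEW flow.
# Not evaluated: -s/-d, negation (!), jumps into user-defined chains.
first_verdict() {
    awk -v port="$1" -v ifc="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            v = $(i + 1)
            if ($i == "-p" && v != "udp" && v != "all") ok = 0
            if ($i == "-i" && v != ifc) ok = 0
            if ($i == "--dport") {
                n = split(v, r, ":"); hi = (n > 1 ? r[2] : r[1])
                if (port + 0 < r[1] + 0 || port + 0 > hi + 0) ok = 0
            }
            if (($i == "--state" || $i == "--ctstate") && v !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "-j") target = v
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target ": " $0; found = 1; exit }
    }
    END { if (!found) print policy ": chain policy" }'
}

# On a live host (as root): iptables -S INPUT | first_verdict 9995 eth0
for rules in sample_default sample_fixed; do
    printf '%s -> %s\n' "$rules" "$($rules | first_verdict 9995 eth0)"
done
```

SELinux denials, the other cause named in the reply, are logged as `type=AVC` records in `/var/log/audit/audit.log`.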