On 23/01/2012 11:55, Adrian Popa wrote:
> It is possible (though unlikely) that the packets you see don't
> contain flow data, but contain flow template data. You should do a
> packet capture for about 5 minutes and analyse it with Wireshark
> (select Decode As... -> Cflow).

It's a fairly busy network that I'm exporting v9 flows from; I
wouldn't expect it to only contain templates. I've double-checked with
Wireshark and I'm only seeing records and no templates.

> You should check your router to see if you have "flow-time expire"
> set or not. You should set it to 5 minutes, to force the expiry of
> your flows every 5 minutes. This will ensure you get your data
> constantly, not all at once when the cache entry expires.

I don't have access to the routers but I've been told that the active
timeout is 60s and the inactive timeout is 30s.

So I'm still at a loss :)

James

-- 
James Davis                0300 999 2340 (+44 1235 822340)
Senior CSIRT Member     
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
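
The template/data distinction discussed in this message can be checked directly on captured UDP payloads. The following is an added example, not part of the original post or of any collector's code: it walks the FlowSets of NetFlow v9 packets (layout per RFC 3954) and reports data FlowSet IDs for which the capture holds no template. The function names and sample packets are constructed for illustration, and a single exporter is assumed, so templates are keyed by source ID only.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length includes these 4 bytes)

def parse_v9(payload):
    """Return (source_id, template IDs defined, data FlowSet IDs) for one UDP payload."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated NetFlow header")
    version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(payload)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    defined, data_ids = set(), []
    off = HEADER.size
    while off + FLOWSET.size <= len(payload):
        fs_id, fs_len = FLOWSET.unpack_from(payload, off)
        if fs_len < FLOWSET.size or off + fs_len > len(payload):
            raise ValueError("bad FlowSet length")
        body = payload[off + FLOWSET.size:off + fs_len]
        if fs_id >= 256:                    # Data FlowSet: its ID names the template
            data_ids.append(fs_id)
        pos = 0
        while fs_id in (0, 1) and pos + 4 <= len(body):
            tmpl_id, n = struct.unpack_from("!HH", body, pos)
            if tmpl_id < 256:               # zero padding after the last record
                break
            defined.add(tmpl_id)
            if fs_id == 0:                  # template: n fields of (type, length)
                pos += 4 + 4 * n
            else:                           # options template: n = scope length in bytes
                opt_len = int.from_bytes(body[pos + 4:pos + 6], "big")
                pos += 6 + n + opt_len
        off += fs_len                       # FlowSet IDs 2-255 are reserved and skipped
    return source_id, defined, data_ids

def missing_templates(payloads):
    """Map source_id -> data FlowSet IDs that no template in the capture defines."""
    defined, used = {}, {}
    for p in payloads:
        src, tmpl, data = parse_v9(p)
        defined.setdefault(src, set()).update(tmpl)
        used.setdefault(src, set()).update(data)
    gaps = {src: sorted(ids - defined[src]) for src, ids in used.items()}
    return {src: ids for src, ids in gaps.items() if ids}

# Constructed sample packets: template 260 (src addr, dst addr, byte count) and one record
HDR = HEADER.pack(9, 1, 1000, 1327319700, 1, 0)
TEMPLATE_PKT = HDR + FLOWSET.pack(0, 20) + struct.pack("!8H", 260, 3, 8, 4, 12, 4, 1, 4)
DATA_PKT = HDR + FLOWSET.pack(260, 16) + bytes([10, 0, 0, 1, 10, 0, 0, 2, 0, 0, 5, 220])
```
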
