Dan,
please send me the pcap (full packet size) so I can see what happens.

Thanks Luca

On 08 Jul 2014, at 18:28, Dan Curfman <[email protected]> wrote:

> I am having the same problem that Pablo had in this post; I didn't see any 
> resolution posted.
> 
> http://listgateway.unipi.it/mailman/private/ntop-misc/2014-January/004092.html
> 
> I'm starting nProbe like this
> 
> nprobe --zmq "tcp://*:5556" --collector-port 4444 -i none -b 2
> 
> These are the messages we are getting from nProbe.
> 
> 02/Jul/2014 16:10:02 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 110]
> 02/Jul/2014 16:10:02 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 110]
> 02/Jul/2014 16:10:02 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 110]
> 
> The same lines are repeated over and over, only with incrementing num_flows 
> count.
> 
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count 
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> ^C02/Jul/2014 16:10:07 [cache.c:1033] Redis Cache [0 total/0.0 get/sec][0 
> total/0.0 set/sec]
> 02/Jul/2014 16:10:07 [nprobe.c:386] Received shutdown request...
> 02/Jul/2014 16:10:07 [nprobe.c:4232] nProbe is shutting down...
> 02/Jul/2014 16:10:07 [nprobe.c:4268] Exporting pending buckets...
> 02/Jul/2014 16:10:07 [nprobe.c:4289] Pending buckets have been exported...
> 02/Jul/2014 16:10:07 [engine.c:3222] Export thread terminated [exportQueue=0]
> 02/Jul/2014 16:10:07 [nprobe.c:4350] Flushing queued flows...
> 02/Jul/2014 16:10:07 [nprobe.c:4353] Freeing memory...
> 02/Jul/2014 16:10:07 [plugin.c:254] Terminating plugins.
> 02/Jul/2014 16:10:07 [cache.c:1033] Redis Cache [0 total/0.0 get/sec][0 
> total/0.0 set/sec]
> 02/Jul/2014 16:10:07 [nprobe.c:4445] Still allocated 0 hash buckets
> 02/Jul/2014 16:10:07 [nprobe.c:2187] Processed packets: 0 (max bucket search: 
> 0)
> 02/Jul/2014 16:10:07 [nprobe.c:2170] Fragment queue length: 0
> 02/Jul/2014 16:10:07 [nprobe.c:2196] Flow export stats: [0 bytes/0 pkts][0 
> flows/0 pkts sent]
> 02/Jul/2014 16:10:07 [nprobe.c:2203] Flow collection: [collected pkts: 
> 123][processed flows: 1576]
> 02/Jul/2014 16:10:07 [nprobe.c:2206] Flow drop stats:   [0 bytes/0 pkts][0 
> flows]
> 02/Jul/2014 16:10:07 [nprobe.c:2211] Total flow stats:  [0 bytes/0 pkts][0 
> flows/0 pkts sent]
> 02/Jul/2014 16:10:07 [nprobe.c:4458] Cleaning globals
> 02/Jul/2014 16:10:07 [nprobe.c:4479] nProbe terminated.
> 
> 
> The error shows it is discarding the flow data, but the summary shows it is 
> processing packets, but then nothing shows up in ntopng. And if I add the 
> interface on nprobe to look for traffic, then I start getting data in ntopng. 
> So it appears to be an issue with nprobe and the netflow, but I'm not sure 
> what to do about it.
> 
> I have a packet capture of the netflows from the ASA available to send to 
> anyone who might be able to help.
> 
> Let me know if there is any other data that would be helpful in 
> troubleshooting this. I just installed from the stable repos on July 2nd, so 
> it should be the most current.
> 
> Thanks,
> Dan 
> 
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
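
The comparison made by eye in the quoted message (discard messages versus the shutdown counters) can be scripted when triaging a longer log. This is an added example, not part of the original thread and not ntop code; the sample text is constructed from the log format quoted above, and the function and key names are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the log quoted above, including the mail
# client's "> " quoting and line wrapping. It is not the poster's full log.
SAMPLE = """\
> 02/Jul/2014 16:10:02 [collect.c:403] Received flow with invalid count
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 110]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [collect.c:403] Received flow with invalid count
> [sentPkts: 0][sentOctets: 0]: discarded [num_flows: 123]
> 02/Jul/2014 16:10:07 [nprobe.c:2196] Flow export stats: [0 bytes/0 pkts][0
> flows/0 pkts sent]
> 02/Jul/2014 16:10:07 [nprobe.c:2203] Flow collection: [collected pkts:
> 123][processed flows: 1576]
"""

DISCARD = re.compile(
    r"(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) \[collect\.c:\d+\] Received flow with "
    r"invalid count \[sentPkts: (\d+)\]\[sentOctets: (\d+)\]: discarded")
COLLECTED = re.compile(
    r"Flow collection: \[collected pkts: (\d+)\]\[processed flows: (\d+)\]")
EXPORTED = re.compile(
    r"Flow export stats: \[\d+ bytes/\d+ pkts\]\[(\d+) flows/\d+ pkts sent\]")

def summarize(log_text):
    """Summarise discard messages against the counters printed at shutdown."""
    # Strip mail quoting, then collapse wrapping so every record is contiguous.
    flat = " ".join(re.sub(r"^> ?", "", log_text, flags=re.M).split())
    discards = DISCARD.findall(flat)
    collected = COLLECTED.search(flat)
    exported = EXPORTED.search(flat)
    out = {
        "discards": len(discards),
        "zero_counter_discards": sum(
            1 for _, pkts, octets in discards if pkts == "0" and octets == "0"),
        "discards_per_second": dict(Counter(ts for ts, _, _ in discards)),
        "processed_flows": int(collected.group(2)) if collected else None,
        "exported_flows": int(exported.group(1)) if exported else None,
    }
    # True when flows were collected and discard messages logged, yet the
    # export counter stayed at zero.
    out["all_flows_dropped"] = bool(
        out["discards"] and out["processed_flows"] and out["exported_flows"] == 0)
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
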
