Re: [Ntop] Netflow from Sonicwall to ntop 4.0.3

Tue, 02 Nov 2010 12:55:51 -0700 

Alex
I think you are not using the code inside SVN, as I should have fixed the bad 
count bug.

Concerning the zero count, unfortunately I agree with ntop. Please open the 
file you sent with wireshark and you'll see that 

   pdu 1/1
        SrcAddr: 10.34.53.114 (10.34.53.114)
        DstAddr: 212.84.75.150 (212.84.75.150)
        NextHop: 192.168.249.3 (192.168.249.3)
        InputInt: 5
        OutputInt: 8
        Packets: 0 <<<=======
        Octets: 0 <<<=======
        [Duration: 55.733000000 seconds]
        SrcPort: 44756
        DstPort: 443
        padding
        TCP Flags: 0x13
        Protocol: 6
        IP ToS: 0xc5
        SrcAS: 56
        DstAS: 43410
        SrcMask: 11 (prefix: 10.32.0.0/11)
        DstMask: 71 (prefix: 212.0.0.0/71)
        padding

it looks your sonicwall device has some problems. Can you try to update its 
firmware perhaps?

Regards Luca

On Nov 2, 2010, at 5:53 PM, Alex DEKKER wrote:

> Trying to get Netflow working with a Sonicwall as the probe. I can see the 
> packets arriving in ntop but every flow is discarded as "Flows with Zero 
> Packet Count". I have attached a packet capture of the netflow data arriving 
> from the Sonicwall to the ntop box. I have looked at it in Wireshark and it 
> seems OK to me. ntop was started with '-K' but there are no obvious netflow 
> errors in the logs.
> 
> Note that "Lost Flows" seems to be either 0 or 2^32. 
> 
> NetFlow Statistics
> 
> Device 1 - Gatesonic
> Received Flows
> Flow Senders  
> Sender        Pkts    Flows   Lost Flows
> 192.168.249.1:2055    1       2       4,294,967,295
> Packets Received      482
> Packets with Bad Version      0
> Packets Processed     482
> Valid Flows Received  1,676
> Average Number of Flows per Packet    7.0
> V1 Flows Received     0
> V5 Flows Received     1,676
> V7 Flows Received     0
> V9 Data Flows Received        0
> V9 Option Flows Received      0
>  
> Discarded Flows
> Flows with Zero Packet Count  1,676
> Flows with Zero Byte Count    0
> Flows with Bad Data   0
> Flows with Unknown Template   0
> Total Number of Flows Processed       0
> <sonicflowcap.pcap>_______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

---
We can't solve problems by using the same kind of thinking we used when we 
created them - Albert Einstein

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to