From kholson at gmail.com Fri Jan 8 11:33:07 2010
From: kholson at gmail.com (Kirk Olson)
Date: Fri Jan 8 11:33:14 2010
Subject: [Flow-tools] new install

Thanks all for hearing my plight.

flow-capture is running and tcpdump reports incoming udp packets but files
are not being written in the directory specified. I am using the following
command to start the capture:

flow-capture -w /flows/mkflows 0/0/9800 -S5 -n287

I am running Fedora 10 and am sure I am missing something simple. I am not
particularly good with the Linux OS but am willing to learn. ;-)

Kirk

From eravin at panix.com Fri Jan 8 12:19:57 2010
From: eravin at panix.com (Ed Ravin)
Date: Fri Jan 8 12:20:01 2010
Subject: [Flow-tools] new install
Message-ID: <20100108171957.GD16156@panix.com>

On Fri, Jan 08, 2010 at 10:33:07AM -0600, Kirk Olson wrote:
> flow-capture is running and tcpdump reports incoming udp packets but
> files are not being written in the directory specified. I am using the
> following command to start the capture:
>
> flow-capture -w /flows/mkflows 0/0/9800 -S5 -n287

Put the "0/0/9800" last on the command line, after all the hyphenated
options.

Make sure the /flows/mkflows directory exists.

Also, check with tcpdump that the incoming UDP packets are destined for
port 9800.

Check the syslogs for any errors from flow-capture.

Use "lsof -p " to make sure flow-capture is listening to the right UDP
port.

If all else fails, use "strace -p " to trace through what it's doing or
not doing.

From kholson at gmail.com Fri Jan 8 12:49:46 2010
From: kholson at gmail.com (Kirk Olson)
Date: Fri Jan 8 12:49:50 2010
Subject: [Flow-tools] new install
In-Reply-To: <20100108171957.GD16156@panix.com>
References: <20100108171957.GD16156@panix.com>

Do the following lines provide any clues:

Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu version not set.
Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu_verify(): src_ip=192.168.222.1 failed.

Kirk

On Fri, Jan 8, 2010 at 11:19 AM, Ed Ravin wrote:

> On Fri, Jan 08, 2010 at 10:33:07AM -0600, Kirk Olson wrote:
> > flow-capture is running and tcpdump reports incoming udp packets but
> > files are not being written in the directory specified. I am using the
> > following command to start the capture:
> >
> > flow-capture -w /flows/mkflows 0/0/9800 -S5 -n287
>
> Put the "0/0/9800" last on the command line, after all the hyphenated
> options.
>
> Make sure the /flows/mkflows directory exists.
>
> Also, check with tcpdump that the incoming UDP packets are destined for
> port 9800.
>
> Check the syslogs for any errors from flow-capture.
>
> Use "lsof -p " to make sure flow-capture is listening
> to the right UDP port.
>
> If all else fails, use "strace -p " to trace through
> what it's doing or not doing.

From jloiacon at csc.com Fri Jan 8 13:20:20 2010
From: jloiacon at csc.com (Joe Loiacono)
Date: Fri Jan 8 13:20:31 2010
Subject: [Flow-tools] new install

Also make sure there is no firewall (iptables) blocking things. The f/w
blocks packets after tcpdump.

Joe Loiacono

_______________________________________________
Flow-tools mailing list
flow-tools@splintered.net
http://mailman.splintered.net/mailman/listinfo/flow-tools

From kholson at gmail.com Fri Jan 8 13:54:53 2010
From: kholson at gmail.com (Kirk Olson)
Date: Fri Jan 8 13:55:01 2010
Subject: [Flow-tools] new install

I was using version 9 on the router. Version 9 would error out on
flow-capture so I changed the version to 5 on the router and now I have
flows being written.

I did also disable iptables and ip6tables (?) per Craig and Joe. I will
test now if those are getting in the way too.

Many thanks to all.

Kirk

On Fri, Jan 8, 2010 at 12:20 PM, Joe Loiacono wrote:

> Also make sure there is no firewall (iptables) blocking things. the f/w
> blocks packets after tcpdump.
>
> Joe Loiacono

From jloiacon at csc.com Fri Jan 8 14:09:55 2010
From: jloiacon at csc.com (Joe Loiacono)
Date: Fri Jan 8 14:10:07 2010
Subject: [Flow-tools] new install

Kirk,

Once you get flow-tools going, you might want to consider FlowViewer
( http://ensight.eos.nasa.gov/FlowViewer ). FlowViewer is a companion tool
to flow-tools which gives you a web interface. FlowViewer provides text,
graphing and MRTG-like tracking features.

Joe
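
Added example, not part of the thread and not flow-tools code: the fix reported above was switching the router's export from version 9 to version 5, and that version number is the first 16-bit field of every NetFlow export datagram. The sketch below classifies UDP payloads captured on the collector port; inspect_export, ACCEPTED_VERSIONS and the sample builders are hypothetical names, and the accepted set reflects only what the thread established (v5 worked, v9 did not).

```python
import struct

# NetFlow v5 export layout: 24-byte header followed by `count` 48-byte records.
V5_HEADER_LEN, V5_RECORD_LEN = 24, 48
# Assumption for this example: only v5 is treated as accepted, because the
# thread shows v5 being written to disk and v9 being rejected.
ACCEPTED_VERSIONS = {5}


def inspect_export(payload: bytes) -> dict:
    """Classify one UDP payload that arrived on the collector port."""
    if len(payload) < 4:
        return {"version": None, "ok": False,
                "reason": "too short for a NetFlow header"}
    # Version and record count are the first two big-endian 16-bit fields.
    version, count = struct.unpack("!HH", payload[:4])
    if version not in ACCEPTED_VERSIONS:
        return {"version": version, "ok": False,
                "reason": f"export version {version} not accepted; set the exporter to v5"}
    expected = V5_HEADER_LEN + count * V5_RECORD_LEN
    if len(payload) != expected:
        return {"version": version, "ok": False,
                "reason": f"length {len(payload)} != {expected} for {count} records"}
    return {"version": version, "ok": True, "reason": f"{count} v5 records"}


def build_v5(count: int) -> bytes:
    """Constructed sample: v5 header plus zero-filled flow records."""
    header = struct.pack("!HHIIIIBBH", 5, count, 1000, 1262972446, 0, 1, 0, 0, 0)
    return header + bytes(V5_RECORD_LEN * count)


def build_v9(count: int) -> bytes:
    """Constructed sample: the 20-byte v9 header only, no flowsets."""
    return struct.pack("!HHIIII", 9, count, 1000, 1262972446, 1, 0)


if __name__ == "__main__":
    samples = [("v5", build_v5(2)), ("v9", build_v9(1)),
               ("truncated v5", build_v5(2)[:-10])]
    for name, pkt in samples:
        print(name, inspect_export(pkt))
```

Feed it the UDP payloads from a tcpdump capture of port 9800 to see which export version the router is actually sending before changing anything on the collector.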