Packets don't flow from ng_netflow
Maksim Yevmenkin
maksim.yevmenkin at savvis.net
Wed Jun 1 11:10:57 PDT 2005
Matthew Reimer wrote:
> I'm trying to use ng_netflow to monitor our network traffic but for some
> reason NetFlow packets aren't emitted unless tcpdump is running on the
> interface configured with ng_netflow.
>
> The box is running FreeBSD 4.11-STABLE and the latest ng_netflow from ports.
> It has two NICs: the main NIC fxp0 which is configured for IP, and a second
> NIC dc0 which is up but with no IP configuration. I've configured port
> mirroring on our Cisco switch to tee all traffic going through our upstream
> port to dc0:
>
> # ifconfig dc0
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> ether 00:04:5a:79:72:f7
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
>
> netgraph config:
>
> + mkpeer dc0: netflow lower iface0
> + name dc0:lower netflow
> + mkpeer netflow: ksocket export inet/dgram/udp
> + msg netflow:export connect inet/192.168.1.2:1234
>
>
> The problem is that no NetFlow packets are emitted unless I run tcpdump on
> dc0. Is this not a valid configuration? Or is there a bug in
> netgraph/ng_netflow?
nope. tcpdump(1) puts interface into promiscuous mode. by default your
dc0 interface will only pick packets destined for it and/or broadcast
packets. please use
# ifconfig dc0 promisc
thanks,
max
More information about the freebsd-net
mailing list