ng_netflow
Gleb Smirnoff
glebius at FreeBSD.org
Fri May 29 13:26:33 UTC 2015
On Tue, May 26, 2015 at 06:36:47PM +0500, Eugene M. Zheganin wrote:
E> I'm using ng_netflow along with flow-tools to collect traffic statistics.
E> What is bothering me, is that I constantly see lost flow. What is even
E> more weird - is that ng_netflow and flow-capture are on the same host,
E> and are communicating via lo0:
Flows can be lost due to buffer overflows in the UDP socket, in the
interface queue, in the network itself. That's the nature of UDP.
E> May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30
E>
E> Plus I see weird IPs like "dst_ip=0.0.0.0" or "dst_ip=0.2.0.4".
E> Can someone point me what am I doing wrong?
Not sure what traffic can cause that. You need to debug that.
--
Totus tuus, Glebius.
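
Added example, not part of the original message and not flow-tools code: a small triage script for the ftpdu_seq_check() entries quoted above. It recomputes each gap from the expecting/received counters, totals the reported loss per (src_ip, dst_ip) pair, and lists every dst_ip logged for one exporter. The function names and the regular expression are assumptions based only on the log format shown in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: the four entries quoted in the message, with the
# mail client's line wrapping undone.
SAMPLE_LOG = """\
May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expecting=2033661856 received=2033666446 lost=4590
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666446 received=2033666476 lost=30
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expecting=2033461677 received=2033666926 lost=205249
May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting=2033666926 received=2033666956 lost=30
"""

# Assumption: field order and names exactly as they appear in the quoted log.
SEQ_RE = re.compile(
    r"ftpdu_seq_check\(\): src_ip=(?P<src>\S+) dst_ip=(?P<dst>\S+) "
    r"d_version=(?P<ver>\d+) expecting=(?P<exp>\d+) "
    r"received=(?P<rcv>\d+) lost=(?P<lost>\d+)"
)


def parse_seq_checks(text):
    """Yield one dict per ftpdu_seq_check() entry found in text."""
    for m in SEQ_RE.finditer(text):
        exp, rcv = int(m["exp"]), int(m["rcv"])
        yield {
            "src": m["src"], "dst": m["dst"], "version": int(m["ver"]),
            "expecting": exp, "received": rcv, "lost": int(m["lost"]),
            # NetFlow v5 flow_sequence is a 32-bit counter, so the gap wraps.
            "gap": (rcv - exp) % 2**32,
        }


def summarize(text):
    """Return (loss per (src, dst), dst_ips seen per src, inconsistent entries)."""
    per_stream = defaultdict(int)
    dsts_per_src = defaultdict(set)
    mismatches = []
    for e in parse_seq_checks(text):
        per_stream[(e["src"], e["dst"])] += e["lost"]
        dsts_per_src[e["src"]].add(e["dst"])
        if e["gap"] != e["lost"]:  # logged loss disagrees with the counters
            mismatches.append(e)
    return dict(per_stream), {s: sorted(d) for s, d in dsts_per_src.items()}, mismatches


if __name__ == "__main__":
    streams, dsts, bad = summarize(SAMPLE_LOG)
    for (src, dst), lost in sorted(streams.items()):
        print(f"{src} -> {dst}: lost={lost}")
    print("dst_ip values per exporter:", dsts)
    print("entries where lost != received - expecting:", len(bad))
```

On the quoted entries, every logged lost value equals received minus expecting, and the single exporter 127.0.0.1 appears with three different dst_ip values.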
More information about the freebsd-net mailing list