Subject: Re: protocol data probably missing
From: Dave Plonka (plonka@doit.wisc.edu)
Date: Fri Mar 30 2001 - 08:31:00 CST
On Thu, Mar 29, 2001 at 08:11:24AM +0200, Andreas Klemm wrote: > On Wed, Mar 28, 2001 at 07:58:41AM +0200, Andreas Klemm wrote: > > Hi ! > > > > How can I find out, if my Cisco 2516 router running > > > > Cisco Internetwork Operating System Software > > IOS (tm) 2500 Software (C2500-IOS56I-L), Version 12.2(0.3)T, MAINTENANCE INTERIM SOFTWARE > > System image file is "flash:/c2500-ios56i-l.122-0.3.T" > > > > is really sending protocol data to cflow collector ? > > It sends data ... but I want to know if it is sending statistics > about how many tcp / udp traffic as well as statistics about > what tcp port numbers .... It's basically guarantee dto be sending that info because the protocol and port info is in every version 5 NetFlow record. However, to familiarize yourself with those records, look at your raw flow files with flowdumper. E.g. $ flowdumper flows.current |less $ flowdumper flows.current |ip2hostname |less $ flowdumper -s flows.curent |ip2hostname |less If your not seeing any inbound or outbound traffic in the FlowScan graphs then its probably that the NextHops or OutputIfIndexes or "local_nets.boulder" stuff is misconfigured. Some users have reported some obscure problems with NAT... When you run flowdumper be sure that the output ifIndexes and nexthop values are not zero. (FlowScan skips unicast flows that have zeroes there.) Dave -- plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI -- Help mailto:majordomo@net.doit.wisc.edu and say "help" in message body Unsubscribe mailto:majordomo@net.doit.wisc.edu and say "unsubscribe flowscan" in message body Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
This archive was generated by hypermail 2b25 : Fri Mar 30 2001 - 08:32:57 CST