data captured by fprobe but not shown on nfsen

Ren, James (China) James.Ren at britishcouncil.org.cn
Fri Aug 21 04:21:45 UTC 2009


Dear all,

I started to use FreeBSD last week and encountered a few problems. I'd
be grateful if any of you could give a hand.

I installed FreeBSD 7.2 on a Dell GX520 with two network adaptors, one
on-board and the other a PCI add-on. They are both 10/100BaseT auto. The
workstation has a 2.8GHz CPU, 512MB RAM and an 80G IDE hard disk.

The installation went successfully. After FreeBSD was installed, I
first installed Apache22, then php5, and then nfsen 1.3 including Port
Tracker. I configured Apache and nfsen properly so that the nfsen.php
page could be viewed on other workstations within the network.
Now that I could see the diagrams generated by nfsen, I installed
fprobe on the same workstation, hoping to capture data from one network
interface and feed it as NetFlow to nfsen. fprobe was installed
successfully.

I configured the on-board network card, bge0, as a DHCP client to
receive an IPv4 address from the DHCP server on my network. I then connected the other
PCI network card, vr0, to my core Cisco 3560 switch. On the switch I configured
monitor session 1 to mirror g0/22 rx traffic to g0/2, which
was connected to vr0. When I checked on the switch with show interface gi0/2 and
the gi0/2 counters, I could see the port was in monitoring status and that
overnight about 10G of data had been sent to vr0. Physically I could see
the LED on vr0 flickering madly, showing that data was being transmitted.

I typed fprobe -i vr0 127.0.0.1:9995 and also fprobe -i vr0
localhost:9995.

Here came the problem: when I typed tcpdump -n -i lo0 dst port 9995 I
could not see any UDP sent to port 9995, no matter how long I waited.

I then typed fprobe 127.0.0.1:9995 and fprobe localhost:9995 (sorry, I
was not sure which one was correct).

This time tcpdump showed UDP traffic to port 9995 and nfsen did capture
some data. However, after a night it showed only very little traffic,
most of which was DNS and broadcast traffic! So fprobe
didn't get anything from vr0 at all.

I have searched the web and checked the syntax for fprobe, but the manual
didn't explain much about this.

Where was I going wrong? Could anyone give me a hand?

Regards,

James Ren
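One check that narrows down this kind of problem, added here as an example that is not part of the post above nor of the fprobe or nfsen projects: decode the UDP datagrams that tcpdump sees on port 9995 as NetFlow v5 (assumed here to be fprobe's default export version) and tally the flows by protocol and destination port, so an export that contains nothing but DNS and broadcast traffic is obvious before nfsen ever graphs it. The datagram below is constructed for the demonstration, not captured.

```python
import socket
import struct
from collections import Counter

NF5_HEADER = struct.Struct("!HHIIIIBBH")              # 24-byte v5 header
NF5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_netflow_v5(datagram):
    """Decode one NetFlow v5 datagram into (header dict, list of record dicts)."""
    if len(datagram) < NF5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, _uptime, secs, _nsecs, seq,
     _eng_type, _eng_id, _sampling) = NF5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % version)
    if len(datagram) < NF5_HEADER.size + count * NF5_RECORD.size:
        raise ValueError("header claims %d records but datagram is truncated" % count)
    header = {"count": count, "flow_sequence": seq, "unix_secs": secs}
    records = []
    for i in range(count):
        f = NF5_RECORD.unpack_from(datagram, NF5_HEADER.size + i * NF5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "input_if": f[3], "output_if": f[4],      # SNMP ifIndex the exporter saw
            "packets": f[5], "octets": f[6],
            "srcport": f[9], "dstport": f[10], "proto": f[13],
        })
    return header, records

def summarize(records):
    """Flows per (IP protocol, destination port): 'only DNS' shows up as (17, 53)."""
    return Counter((r["proto"], r["dstport"]) for r in records)

def build_record(src, dst, sport, dport, proto, pkts, octets, input_if=1):
    # Constructed sample record so the decoder can be exercised offline.
    return NF5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
                           input_if, 0, pkts, octets, 1000, 2000, sport, dport,
                           0, 0, proto, 0, 0, 0, 24, 24, 0)

# Constructed datagram: two DNS flows and one HTTP flow, as a collector on port 9995 might see.
SAMPLE = (NF5_HEADER.pack(5, 3, 123456, 1250828505, 0, 7, 0, 0, 0)
          + build_record("10.0.0.5", "10.0.0.1", 51000, 53, 17, 1, 72)
          + build_record("10.0.0.5", "10.0.0.1", 51001, 53, 17, 1, 72)
          + build_record("10.0.0.9", "192.0.2.10", 40000, 80, 6, 12, 3400))

if __name__ == "__main__":
    hdr, recs = parse_netflow_v5(SAMPLE)
    print(hdr, dict(summarize(recs)))
```

To run it against real exports, read each UDP payload tcpdump saved with -w (or a small socket bound to an unused port) and pass the bytes to parse_netflow_v5.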