Re: problems with samplicator, anyone able to help?

From: Roman Popov (rvp@demos.su)
Date: Mon Apr 09 2001 - 05:22:03 PDT

    On Mon, Apr 09, 2001 at 01:43:23PM +0200, Piret, Benoit wrote:
    > I have linux Redhat6.1.
    >
    > And it seems that the -S option is not working here :
    > I can see with TCPDUMP that with -S, I don't receive the packet on the
    > remote machine and without I have them.
    >
    > So, to make it work, I guess that I have to add 10.132.1.154 (the station
    > where samplicator runs) as an exporter router in my cflowd.conf ?

    If you do so, and if you collect flows from more than one router, you
    will not be able to distinguish flows from them; they will all seem to come
    from 10.132.1.154, as there is no such thing as "router_ip" in the flow packet, and
    cflowd determines the router from the source of the packet.

    I think there could be 3 ways:
    contact author
    try to fix program yourself
    use solaris =)

    >
    > Thanks in advance.
    >
    > Benoit
    >
    > -----Original Message-----
    > From: Roman Popov [mailto:rvp@demos.su]
    > Sent: Monday, April 09, 2001 12:40 PM
    > To: Piret, Benoît
    > Cc: cflowd@caida.org
    > Subject: Re: problems with samplicator, anyone able to help?
    >
    >
    > On Mon, Apr 09, 2001 at 11:58:14AM +0200, "Piret, Benoît" wrote:
    > > Hi all,
    > > I found in the archive the following message which exactly duplicates my
    > > problem (but, unfortunately for me, I have here the problem, not the
    > > answer :-(
    > > I do on the local (10.132.1.154) machine /usr/local/bin/samplicate -S -p
    > > 9992 10.132.1.96/9991/1 10.132.1.154/9991/1
    > > 10.132.1.154 is the local machine
    > > 10.132.1.96 is the cflowd machine.
    >
    > what OS do you have ?
    > spoofing source ip (in this particular program) doesn't work under FreeBSD
    > 4.x
    > and works under Solaris7. try it without -S to see that you receive flows.
    >
    > >
    > > It seems that on the cflowd machine, I don't receive the flows anymore
    > > Do I have to tell cflowd.conf something about 10.132.1.154 ip address ?
    > >
    > > Thanks in advance.
    > >
    > > Benoit
    > > >>>>> "af" == Andrew Fort <afort@staff.webcentral.com.au> writes:
    > > > I'm using Samplicator 1.2.1, with the "-S" argument (spoof source
    > > > address), my cmdline option is:
    > > > /usr/local/bin/samplicate -S -p 2048 remote.machine/2055/1
    > > > local.machine/2049/1 &
    > > > important: "remote.machine" is in a different subnet to
    > > > "local.machine".
    > > > local.machine is getting the flows correctly (my cflowdmux listens
    > > > on port 2049), but my cflowdmux on remote.machine is not (it's
    > > > listening successfully on port 2055).
    > > Maybe the packets get dropped by an intermediate router because of the
    > > spoofed source address. Are the original NetFlow source (router) and
    > > the samplicator on the same subnet? It could also be another kind of
    > > packet filter on the router path.
    > > > Does samplicate work successfully pushing the data out through a
    > > > router interface? Anyone had a similar problem?
    > > I sometimes use the samplicator in spoofing mode through a couple of
    > > routers and it works ok (although I tend to lose packets from time to
    > > time when I send them through the whole country :-).
    > > > I have not yet tested placing "remote.machine" in the same subnet as
    > > > "local.machine", this will be my next test (after lunch, when I get
    > > > my hands on this dual 750 machine :)
    > > --
    > > Simon Leinen simon@babar.switch.ch
    > > SWITCH http://www.switch.ch/misc/leinen/
    > >
    > > Who is General Failure & why's he reading my disk?
    > > --
    > > cflowd mailing list
    > > cflowd@caida.org
    > >
    > >
    > >
    > > ---------------------------------
    > > Benoit Piret
    > > Network Design Engineer - Data
    > >
    > > BT Belgium
    > > Excelsioraan 48-50
    > > B-1930 Zaventem
    > > Tel : +32 27183543
    > > Mob : +32496573543
    > > Email:benoit.piret@bt.be
    > >
    > > --
    > > cflowd mailing list
    > > cflowd@caida.org
    >
    > --
    >
    > wbw
    > Roman Popov
    > --
    > cflowd mailing list
    > cflowd@caida.org

    --

    wbw
    Roman Popov
    --
    cflowd mailing list
    cflowd@caida.org
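The attribution point made in the reply above, as an added example that is not part of the original thread and is not cflowd or samplicator code: the NetFlow v5 header has no exporter-address field, so a collector that keys on the UDP source address merges every router behind a relay that does not preserve the source. The router addresses, datagram contents and function names are constructed for illustration; only 10.132.1.154 comes from the thread.

```python
import struct
from collections import defaultdict

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
# No field carries the exporting router's IP address.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48

def make_v5_datagram(count, flow_sequence, engine_id):
    """Build a constructed v5 datagram with zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 0, 986818923, 0, flow_sequence, 0, engine_id, 0)
    return header + bytes(V5_RECORD_LEN * count)

def attribute_flows(datagrams):
    """Count flow records per exporter the way a source-keyed collector does.

    `datagrams` is a list of (udp_source_ip, payload) pairs. The exporter key
    is the UDP source address, since the payload offers nothing else to use.
    """
    per_exporter = defaultdict(int)
    for src_ip, payload in datagrams:
        if len(payload) < V5_HEADER.size:
            continue  # truncated datagram
        version, count, *_ = V5_HEADER.unpack_from(payload)
        if version != 5 or len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
            continue  # not a well-formed v5 export
        per_exporter[src_ip] += count
    return dict(per_exporter)

def relay(datagrams, relay_ip, preserve_source):
    """Model a UDP relay: the payload is forwarded untouched; only the
    source address seen by the collector differs between the two modes."""
    return [(src if preserve_source else relay_ip, p) for src, p in datagrams]

# Constructed sample traffic from two routers (documentation addresses).
ROUTER_A, ROUTER_B, RELAY = "192.0.2.1", "192.0.2.2", "10.132.1.154"
FROM_ROUTERS = [
    (ROUTER_A, make_v5_datagram(3, 100, 0)),
    (ROUTER_B, make_v5_datagram(2, 700, 0)),
    (ROUTER_A, make_v5_datagram(1, 103, 0)),
]

if __name__ == "__main__":
    print(attribute_flows(relay(FROM_ROUTERS, RELAY, preserve_source=True)))
    print(attribute_flows(relay(FROM_ROUTERS, RELAY, preserve_source=False)))
```

With the source preserved the collector still sees two exporters; without it, all six flow records are credited to the relay and the per-router view is lost.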



    This archive was generated by hypermail 2b29 : Mon Apr 09 2001 - 05:26:55 PDT