On Tue, May 26, 2015 at 06:36:47PM +0500, Eugene M. Zheganin wrote: E> I'm using ng_netflow along with flow-tools to collect traffic statistics. E> What is bothering me, is that I constantly see lost flow. What is even E> more weird - is that ng_netflow and flow-capture are on the same host, E> and are communication via lo0:
Flows can be lost due to buffer overflows in the UDP socket, in the interface queue, in the network itself. That's nature of UDP. E> May 26 18:33:16 balancer1 flow-capture[67265]: ftpdu_seq_check(): E> src_ip=127.0.0.1 dst_ip=49.51.57.55 d_version=5 expect E> ing=2033661856 received=2033666446 lost=4590 E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): E> src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting= E> 2033666446 received=2033666476 lost=30 E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): E> src_ip=127.0.0.1 dst_ip=49.52.48.48 d_version=5 expect E> ing=2033461677 received=2033666926 lost=205249 E> May 26 18:33:17 balancer1 flow-capture[67265]: ftpdu_seq_check(): E> src_ip=127.0.0.1 dst_ip=0.0.0.0 d_version=5 expecting= E> 2033666926 received=2033666956 lost=30 E> E> Plus I see weird IPs like "dst_ip=0.0.0.0" or "dst_ip=0.2.0.4". E> Can someone point me what m I doing wrong ? Not sure what traffic can cause that. You need to debug that. -- Totus tuus, Glebius. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
