On 26/03/16 17:02, Eike Lantzsch wrote:
Hi:

For learning purposes I want to set up collecting NetFlow data from my small
office router (5.8 release on a PC-Engines Alix 2D13 device).
I'm trying to follow
http://bsdly.blogspot.ca/2014/02/yes-you-too-can-be-evil-network.html
and I have Peter N. M. Hansteen's fine Book of PF (3) at hand - chapter 9
"Collecting NetFlow Data with pflow(4)".
However I seem to have a hard time understanding some details.

I set up
/etc/pf.conf
# options:
set state-defaults pflow

and
/etc/hostname.pflow0

and get this:

# ifconfig pflow0
pflow0: flags=41<UP,RUNNING> mtu 1448
         priority: 0
         pflow: sender: 192.168.12.1 receiver: 192.168.12.31:9995 version: 10
         groups: pflow

192.168.12 is my internal small network. I plan to set up a collector on
192.168.12.31, which is an OpenBSD-vm on my work station.
(Did I get this right? Or should I use the address which I get from my ISP as
a source address?)

However
# tcpdump -nettti pflow0
tcpdump: Failed to open bpf device for pflow0: Device not configured

In /dev/ I got bpf0 up to bpf9

I did not set up a collector right now - just wanted to see if I get any
NetFlow data.

What did I miss setting up the pflow pseudo-device?

Try
tcpdump -i vr0 host 192.168.12.31 and port 9995
if vr0 is the interface to 192.168.1.31

G
