2016-11-01 23:20 GMT+03:00 Brian Candler <b.cand...@pobox.com>:
> On 01/11/2016 14:05, SancheZZS . wrote:
>>
>> generated flow
>> 13:40:28.003356 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003373 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003392 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003410 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003427 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003444 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003462 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003479 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>>
>> 10.8.1.74 ip of LXC.
>
>
> Where is that tcpdump being captured? Is it actually inside the container?
> If not, I wonder whether the packets are being routed into the container
> properly.
>


It is in the container. Also, tshark in the container shows:
  1   0.000000 10.11.108.251 -> 10.8.1.74    CFLOW 498 total: 9 (v5) flows
  2   0.002761 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  3   0.002768 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  4   0.002774 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  5   0.002779 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  6   0.002784 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  7   0.002789 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  8   0.002796 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
  9   0.002800 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
 10   0.002803 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
 11   0.002807 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
 12   0.002811 10.11.108.251 -> 10.8.1.74    CFLOW 1506 total: 30 (v5) flows
 13   5.000031 10.11.108.251 -> 10.8.1.74    CFLOW 1026 total: 20 (v5) flows

I have checked nfcapd with strace

root@datastor:~# strace -p 13720
strace: Process 13720 attached
recvfrom(4,
0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS
(To be restarted if SA_RESTART is set)
--- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
rt_sigreturn({mask=[]})                 = -1 EINTR (Interrupted system call)
alarm(0)                                = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1544, ...}) = 0
lseek(5, 0, SEEK_SET)                   = 0
write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
140) = 140
write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
136) = 136
close(5)                                = 0
stat("/var/tmp/2016/11/03", {st_mode=S_IFDIR|0755, st_size=152, ...}) = 0
rename("/var/tmp/nfcapd.current.13718",
"/var/tmp/2016/11/03/nfcapd.201611031630") = 0
stat("/var/tmp/2016/11/03/nfcapd.201611031630", {st_mode=S_IFREG|0644,
st_size=276, ...}) = 0
semop(1867776, [{0, -1, 0}], 1)         = 0
semop(1867776, [{0, 1, 0}], 1)          = 0
sendto(3, "<30>Nov  3 16:35:10 nfcapd[13720"..., 115, MSG_NOSIGNAL,
NULL, 0) = 115
open("/var/tmp/nfcapd.current.13718", O_RDWR|O_CREAT|O_TRUNC, 0644) = 5
write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
140) = 140
write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
136) = 136
sendto(3, "<30>Nov  3 16:35:10 nfcapd[13720"..., 59, MSG_NOSIGNAL, NULL, 0) = 59
alarm(300)                              = 0
recvfrom(4, ^Cstrace: Process 13720 detached
 <detached ...>



The strings below arouse much interest:
recvfrom(4,
0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS
(To be restarted if SA_RESTART is set)
--- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
