Hi thanks I run on server this
Tcpdump -i bge0 -w file.pcap For 3 min When I run Nfdump -r file.pcap I see this error Openfile 'file.pcap' : bad magic: 0xC3D4 Best regards Faridi MyWebSite http://mfaridi.com On Thu, 29 Oct 2020, 19:23 Brian Candler, <b.cand...@pobox.com> wrote: > On 29/10/2020 11:35, Mostaf Faridi wrote: > > I use nfdump-1.6.16_1 > > They installed this version of nfdump on many servers. Only on one > > server, I see core dump. > > Nfdump installed on FreeBSD box and traffic comes from centos OS. > > Where I must run nfdump . on FreeBSD box or Centos box? > > You run nfcapd on whatever server the Netflow packets arrive at. It > writes files containing the netflow data, normally one file every 5 > minutes. > > You run nfdump on whatever server is reading the files written by > nfcapd. It might be the same server, or a different one - e.g. if the > files are shared over NFS. > > > I want know which packages can make cordump. For example which package > > like tcp or udp packages make core dump? > > The operating system writes a core dump when a program crashes, e.g. > because it executes an illegal instruction or tries to access > out-of-bounds memory. > > > If I run tcpdump how I understand which packet make core dump? > > > tcpdump is mainly useful for capturing packets, so you can feed them > back into nfcapd or nfdump, and reproduce the problem on demand. > > However with or without tcpdump, you still need to: > > - compile nfdump 1.6.20 from source > - run it until it crashes > - use gdb to read the coredump > - perform a backtrace and inspect variables to work out what caused the > crash > > OR > > - compile nfdump 1.6.20 from source > - run it *under gdb* until it crashes > - perform a backtrace and inspect variables to work out what caused the > crash > > However, this is not the list to explain how to debug C code. I suggest > you find a local system administrator and/or C programmer who can help you. > >
_______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss