Skip Menu |

This queue is for tickets about the Net-Flow CPAN distribution.

Report information
The Basics
Id: 71770
Status: resolved
Priority: 0/
Queue: Net-Flow
People
Owner: Nobody in particular
Requestors: ks.anand80 [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 0.04
Fixed in: (no value)
Attachments
netflow_out
tcpdump19oct-Netflowmismatch

History Show all quoted text
  Wed Oct 19 01:17:55 2011 ks.anand80 [...] gmail.com - Ticket created
Subject: Mismatch in number of packets recd between wireshark and netflow script (Example 1)
I am seeing an issue with Net::Flow. I used Example 1 provided in the page to capture the netflow packets. I am trying to capture long-term flows wherein my box (DUT) sends the flow information for long flows (Active flow timeout ) of 60 seconds. The information in wireshark and the information printed using the netflow package is not consistent. The wireshark shows 45 frames whereas the netflow shows only 10 packets. Hence expected flow information sent by my DUT is missing. I expect the number of frames seen in the wireshark and number of packets in the Net::Flow script to be the same. But this is not the case. Let me know if you need some information.
  Wed Oct 19 01:53:03 2011 ks.anand80 [...] gmail.com - Correspondence added
From: ks.anand80 [...] gmail.com
I am attaching the netflow_out file which contains the output of the netflow script and the pcap file captured by wireshark.. You can compare the sequence numbers and the corresponding data. Please consider only the first 46 frames in the wireshark to compare with the netflow out. On Wed Oct 19 01:17:55 2011, ansri wrote: Show quoted text
> I am seeing an issue with Net::Flow. I used Example 1 provided in the > page to capture the netflow packets. > > I am trying to capture long-term flows wherein my box (DUT) sends the > flow information for long flows (Active flow timeout ) of 60 seconds. > > The information in wireshark and the information printed using the > netflow package is not consistent. The wireshark shows 45 frames whereas > the netflow shows only 10 packets. Hence expected flow information sent > by my DUT is missing. > > I expect the number of frames seen in the wireshark and number of > packets in the Net::Flow script to be the same. But this is not the > case. Let me know if you need some information.
Subject: netflow_out
Download netflow_out
application/octet-stream 78.6k

Message body not shown because it is not plain text.

Subject: tcpdump19oct-Netflowmismatch
  Wed Oct 19 02:03:05 2011 ks.anand80 [...] gmail.com - Correspondence added
From: ks.anand80 [...] gmail.com
Not sure if the wireshark capture is attached properly. Attachign once again.. On Wed Oct 19 01:53:03 2011, ansri wrote: Show quoted text
> I am attaching the netflow_out file which contains the output of the > netflow script and the pcap file captured by wireshark.. You can compare > the sequence numbers and the corresponding data. Please consider only > the first 46 frames in the wireshark to compare with the netflow out. > > > > On Wed Oct 19 01:17:55 2011, ansri wrote:
> > I am seeing an issue with Net::Flow. I used Example 1 provided in the > > page to capture the netflow packets. > > > > I am trying to capture long-term flows wherein my box (DUT) sends the > > flow information for long flows (Active flow timeout ) of 60 seconds. > > > > The information in wireshark and the information printed using the > > netflow package is not consistent. The wireshark shows 45 frames whereas > > the netflow shows only 10 packets. Hence expected flow information sent > > by my DUT is missing. > > > > I expect the number of frames seen in the wireshark and number of > > packets in the Net::Flow script to be the same. But this is not the > > case. Let me know if you need some information.
> >
Subject: tcpdump19oct-Netflowmismatch
  Thu Oct 20 02:04:51 2011 ks.anand80 [...] gmail.com - Correspondence added
From: ks.anand80 [...] gmail.com
Not sure why so much sequence numbers are missing from the output attached earlier. Does the processing time (taken to print the values to stdout) is causing this skip. I am not sure. On Wed Oct 19 02:03:05 2011, ansri wrote: Show quoted text
> Not sure if the wireshark capture is attached properly. Attachign once > again.. > > On Wed Oct 19 01:53:03 2011, ansri wrote:
> > I am attaching the netflow_out file which contains the output of the > > netflow script and the pcap file captured by wireshark.. You can compare > > the sequence numbers and the corresponding data. Please consider only > > the first 46 frames in the wireshark to compare with the netflow out. > > > > > > > > On Wed Oct 19 01:17:55 2011, ansri wrote:
> > > I am seeing an issue with Net::Flow. I used Example 1 provided in the > > > page to capture the netflow packets. > > > > > > I am trying to capture long-term flows wherein my box (DUT) sends the > > > flow information for long flows (Active flow timeout ) of 60 seconds. > > > > > > The information in wireshark and the information printed using the > > > netflow package is not consistent. The wireshark shows 45 frames
whereas Show quoted text
> > > the netflow shows only 10 packets. Hence expected flow information
sent Show quoted text
> > > by my DUT is missing. > > > > > > I expect the number of frames seen in the wireshark and number of > > > packets in the Net::Flow script to be the same. But this is not the > > > case. Let me know if you need some information.
> > > >
> >
  Fri Feb 08 08:10:14 2013 ACFEREN [...] cpan.org - Correspondence added
I don't have your source input, but I sent some v9 to the example 1 script and could not reproduce.
  Fri Feb 08 08:10:16 2013 The RT System itself - Status changed from 'new' to 'open'
  Fri Feb 08 08:10:16 2013 ACFEREN [...] cpan.org - Status changed from 'open' to 'resolved'