8 Jun 2012 15:16
nfcapd - Process_v9: Corrupt data flowset? Pad bytes: 6 | 12
I'm seeing errors when running nfcapd as part of a nfsen installation. The error is: Process_v9: Corrupt data flowset? Pad bytes: 6 Sometimes Pad bytes is 12. I see some flows that just don't fit the environment - millions of packets per second with source and destinations that couldn't possibly be found in my network. This is nfdump 1.6.6, nfsen 1.3.6p1. The exporter is pfsense 2.0.1-RELEASE (amd64) I am exporting in Netflow v9 format using the pfflowd 0.8.2 package. Sample TCP dump of my exports are attached (I export to UDP 9999). Any ideas what the problem might be? -- -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles@...(Continue reading)
RSS Feed