2016-11-01 23:20 GMT+03:00 Brian Candler <[email protected]>:
> On 01/11/2016 14:05, SancheZZS . wrote:
>>
>> generated flow
>> 13:40:28.003356 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003373 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003392 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003410 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003427 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003444 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003462 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>> 13:40:28.003479 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
>>
>> 10.8.1.74 ip of LXC.
>
>
> Where is that tcpdump being captured? Is it actually inside the container?
> If not, I wonder whether the packets are being routed into the container
> properly.
>
It is in the container. Also, tshark shows this in the container:
1 0.000000 10.11.108.251 -> 10.8.1.74 CFLOW 498 total: 9 (v5) flows
2 0.002761 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
3 0.002768 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
4 0.002774 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
5 0.002779 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
6 0.002784 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
7 0.002789 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
8 0.002796 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
9 0.002800 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
10 0.002803 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
11 0.002807 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
12 0.002811 10.11.108.251 -> 10.8.1.74 CFLOW 1506 total: 30 (v5) flows
13 5.000031 10.11.108.251 -> 10.8.1.74 CFLOW 1026 total: 20 (v5) flows
I have checked nfcapd with strace:
root@datastor:~# strace -p 13720
strace: Process 13720 attached
recvfrom(4, 0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
rt_sigreturn({mask=[]}) = -1 EINTR (Interrupted system call)
alarm(0) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1544, ...}) = 0
lseek(5, 0, SEEK_SET) = 0
write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 140) = 140
write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 136) = 136
close(5) = 0
stat("/var/tmp/2016/11/03", {st_mode=S_IFDIR|0755, st_size=152, ...}) = 0
rename("/var/tmp/nfcapd.current.13718", "/var/tmp/2016/11/03/nfcapd.201611031630") = 0
stat("/var/tmp/2016/11/03/nfcapd.201611031630", {st_mode=S_IFREG|0644, st_size=276, ...}) = 0
semop(1867776, [{0, -1, 0}], 1) = 0
semop(1867776, [{0, 1, 0}], 1) = 0
sendto(3, "<30>Nov 3 16:35:10 nfcapd[13720"..., 115, MSG_NOSIGNAL, NULL, 0) = 115
open("/var/tmp/nfcapd.current.13718", O_RDWR|O_CREAT|O_TRUNC, 0644) = 5
write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 140) = 140
write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 136) = 136
sendto(3, "<30>Nov 3 16:35:10 nfcapd[13720"..., 59, MSG_NOSIGNAL, NULL, 0) = 59
alarm(300) = 0
recvfrom(4, ^Cstrace: Process 13720 detached
<detached ...>
The strings below arouse much interest:
recvfrom(4, 0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss