PFSense softflowd seen via tcpdump but zero samples/sec


Kevin J Crandall

Nov 13, 2018, 8:58:02 AM
to sFlowTrend
I have SFTrend (free) running on Ubuntu 18.04 server with UFW and IPv6 disabled.
I am sending sflow from PFSense (192.168.1.1) softflowd to SFTrend (192.168.1.43) however:

# tcpdump host 192.168.1.1
08:49:01.980135 IP opsiquietsense.opsimath.org.39790 > opsibuntu.6343: sFlow version 589835 packet not supported

and 0 samples/sec

Anybody?



Sonia Panchen

Nov 13, 2018, 9:08:22 AM
to sFlowTrend
The usual reasons for this are:
1. Firewall blocking port 6343 (tcpdump looks at packets before the firewall)
2. sFlow datagrams are malformed in some way. sFlow version 589835 reported by tcpdump is a bit suspicious. You could use Wireshark to decode the traffic as sFlow and see if it complains.

Peter Phaal

Nov 13, 2018, 10:53:33 AM
to sFlowTrend
I believe PFSense softflowd exports NetFlow records and not sFlow records. You could install the Host sFlow agent (sflow.net) to get sFlow.
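Added example, not part of the original thread: the number tcpdump printed, 589835, is 0x0009000B, which is what a decoder expecting sFlow's 32-bit version field reads from a NetFlow v9 header (16-bit version 9 followed by a 16-bit record count of 11), consistent with the last reply. The Python sketch below classifies a UDP payload by its first four bytes; the function names and sample datagrams are constructed for illustration.

```python
import struct

NETFLOW_VERSIONS = {1, 5, 7, 9}  # NetFlow: 16-bit version, then 16-bit record count
IPFIX_VERSION = 10               # IPFIX: 16-bit version, then 16-bit message length


def split_reported_version(value):
    """Split the 32-bit number an sFlow decoder printed into two 16-bit fields."""
    return value >> 16, value & 0xFFFF


def classify_flow_datagram(payload):
    """Guess the export protocol from the first four bytes of a UDP payload."""
    if len(payload) < 4:
        return {"protocol": "unknown", "reason": "payload shorter than 4 bytes"}
    (as_u32,) = struct.unpack("!I", payload[:4])
    if as_u32 == 5:  # sFlow v5 begins with a 32-bit version field equal to 5
        return {"protocol": "sflow", "version": 5}
    hi, lo = split_reported_version(as_u32)
    if hi in NETFLOW_VERSIONS and lo > 0:
        return {"protocol": "netflow", "version": hi, "count": lo,
                "misread_as_sflow_version": as_u32}
    if hi == IPFIX_VERSION and lo >= 16:  # the IPFIX header alone is 16 bytes
        return {"protocol": "ipfix", "version": hi, "length": lo,
                "misread_as_sflow_version": as_u32}
    return {"protocol": "unknown", "reason": "unrecognised header 0x%08x" % as_u32}


# Constructed samples (not captured traffic).
# NetFlow v9 header: version, count, sysUptime, unix_secs, sequence, source_id.
SAMPLE_NETFLOW_V9 = struct.pack("!HHIIII", 9, 11, 123456, 1542116941, 42, 0)
# Start of an sFlow v5 datagram: version 5, address type 1 (IPv4), agent address.
SAMPLE_SFLOW_V5 = struct.pack("!II", 5, 1) + bytes([192, 168, 1, 1])

if __name__ == "__main__":
    print(split_reported_version(589835))
    for name, data in (("netflow", SAMPLE_NETFLOW_V9), ("sflow", SAMPLE_SFLOW_V5)):
        print(name, classify_flow_datagram(data))
```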