You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have some Nexus7700 boxes and after upgraded to NXOS v8.0.1, nfcapd began to flooding syslog and soon log partition gets full.
Logs:
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 36
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
In RFC3954 there is no explicit padding size limit:
5.3. Data FlowSet Format
Padding
The Exporter SHOULD insert some padding bytes so that the
subsequent FlowSet starts at a 4-byte aligned boundary. It is
important to note that the Length field includes the padding
bytes. Padding SHOULD be using zeros. strange-netflow-with-template.cap.zip
Does it breaks the RFC?
nfcapd interpret data flowset incorrectly?
Thanks in advice.
Tibor
The text was updated successfully, but these errors were encountered:
Padding | Padding should be inserted to align the end of the FlowSet on a 32 bit boundary. Pay attention
that the Length field will include those padding bits.
If there is a newer NetFlow Version 9 Flow-Record Format definition, let me know.
Hi,
We have some Nexus7700 boxes and after upgraded to NXOS v8.0.1, nfcapd began to flooding syslog and soon log partition gets full.
Logs:
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 36
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:39 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
Jan 27 10:24:40 hotdog nfcapd[2711]: Process_v9: Corrupt data flowset? Pad bytes: 24
In RFC3954 there is no explicit padding size limit:
Does it breaks the RFC?
nfcapd interpret data flowset incorrectly?
Thanks in advice.
Tibor
The text was updated successfully, but these errors were encountered: