Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » tips » Troubleshooting Netflow
Trace:
tips:netflow_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tips:netflow_troubleshooting [2020/03/19 11:02] navaneethtips:netflow_troubleshooting [2020/03/20 15:29] (current) – [8. Analyse the captured flows] navaneeth
Line 6: Line 6:
 No data on the dashboard after enabling Netflow in Trisul Network Analytics. No data on the dashboard after enabling Netflow in Trisul Network Analytics.
 ** **
 +
 +{{:tips:netflowdashboard.png?400|}}
 +
 ===== Precondition ===== ===== Precondition =====
  
Line 33: Line 36:
  
 Do you see netflow packets on the screen ? Do you see netflow packets on the screen ?
 +
 +{{:tips:tcpdump.png?600|}}
  
 **Yes**. Move to next **Yes**. Move to next
Line 47: Line 52:
 Check if all the probes and hubs are in the Started position. Check if all the probes and hubs are in the Started position.
  
-{{:tips:nodeup.png?400|}}+{{:tips:nodeup.png?600|}}
  
 **Yes**. Move to next. **Yes**. Move to next.
Line 66: Line 71:
 **No**. Enable the interface eth0. **No**. Enable the interface eth0.
 If any other interface.Click "Create Adapters" option and add the new interface. If any other interface.Click "Create Adapters" option and add the new interface.
 +
 +{{:tips:create_adapter.png?600|}}
  
 <note important>Please ensure that you have Restarted Trisul after this step. <note important>Please ensure that you have Restarted Trisul after this step.
Line 79: Line 86:
 **No**. Change it from TAP mode to NETFLOW_TAP mode. **No**. Change it from TAP mode to NETFLOW_TAP mode.
  
-<note>Do not forget to restart Trisul after this step.+<note important>Please ensure that you have Restarted Trisul after this step.
 </note> </note>
 ==== 5. Check if the Netflow ports are interpreted correctly ==== ==== 5. Check if the Netflow ports are interpreted correctly ====
Line 90: Line 97:
 **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
  
-<note tip>You need to restart trisul after this step.</note>+{{:tips:port_number.png?600|}} 
 + 
 +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 6. Check whether templates are visible ==== ==== 6. Check whether templates are visible ====
 Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB. Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
  
 Are the templates visible? Are the templates visible?
 +
 +{{:tips:templatedb.png?600|}}
  
 **Yes**. Move to next step. **Yes**. Move to next step.
Line 114: Line 126:
   - Click on Save.   - Click on Save.
  
-<note important>You need to restart trisul after this step.</note> +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 8. Analyse the captured flows ==== ==== 8. Analyse the captured flows ====
 You can analyse the captured flows using Wireshark tool.This can be done by, You can analyse the captured flows using Wireshark tool.This can be done by,
Line 123: Line 135:
 </code> </code>
  
 +{{:tips:wireshark.png?600|}}
 +
 +  - Check if you have mentioned the port number correctly.
 +  - If not,then choose 'decode as' option by right-clicking on any one of the listed entries in wireshark.
 +  - Change the port number(for eg.5111) and set to CFLOW.
 +
 +{{:tips:wireshark1.png?600|}}
  
  
tips/netflow_troubleshooting.1584595946.txt.gz · Last modified: 2020/03/19 11:02 by navaneeth