[flow-tools] Lost Flow Syslog Message, this can't be right

Poetzel, Christopher J. cpoetzel@anl.gov
Mon, 15 Apr 2002 13:35:41 -0500


I have seen this type of message in my Syslog before and thought I would
email to see if someone could explain it...
 
Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check(): src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750200 received=508750230 lost=30

Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check(): src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750260 received=508750200 lost=4294967235

Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check(): src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750230 received=508750260 lost=30
 
I cannot believe that flow-tools would lose 4,294,967,235 flows.
Any thoughts?
 
 
 
Chris Poetzel
Argonne National Laboratory
Network Engineer
CCNA
 
630-252-7431
cpoetzel@anl.gov
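
Added example (not part of the original post and not flow-tools source code): the logged value 4294967235 equals 0xFFFFFFFF - 60, which is what unsigned 32-bit arithmetic produces when a datagram arrives 60 sequence numbers behind the expected one. The functions below are hypothetical; the "lost" formula is an assumption inferred from the numbers in the log, and the arrival order with 30 flows per datagram is constructed from the expecting/received values.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model, inferred only from the logged numbers: "lost" is unsigned
 * 32-bit, and received <= expecting is treated as counter wraparound. */
static uint32_t logged_lost(uint32_t expecting, uint32_t received)
{
    if (received > expecting)
        return received - expecting;
    return (0xFFFFFFFFu - expecting) + received;
}

/* Signed distance between 32-bit sequence numbers (serial-number
 * arithmetic): negative means the datagram is older than expected. */
static int32_t seq_delta(uint32_t expecting, uint32_t received)
{
    return (int32_t)(received - expecting);
}

/* Reorder-tolerant replay: a late datagram is credited against the gap it
 * left and never moves the expected sequence backwards. Returns the number
 * of flows still unaccounted for after all n datagrams. */
static int64_t replay_missing(uint32_t expecting, const uint32_t *seq,
                              const uint32_t *count, int n)
{
    int64_t missing = 0;
    for (int i = 0; i < n; i++) {
        int32_t d = seq_delta(expecting, seq[i]);
        if (d < 0) {                       /* late arrival fills a gap */
            missing -= (count[i] < missing) ? count[i] : missing;
            continue;
        }
        missing += d;                      /* d > 0: flows skipped over */
        expecting = seq[i] + count[i];
    }
    return missing;
}

int main(void)
{
    /* Constructed arrival order matching the log; 30 flows per datagram
     * is an assumption taken from the steps between expecting values. */
    const uint32_t seq[]   = { 508750230u, 508750200u, 508750260u };
    const uint32_t count[] = { 30, 30, 30 };
    printf("logged lost=%u, signed delta=%d\n",
           (unsigned)logged_lost(508750260u, 508750200u),
           (int)seq_delta(508750260u, 508750200u));
    printf("flows still missing after replay: %lld\n",
           (long long)replay_missing(508750200u, seq, count, 3));
    return 0;
}
```
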
 
