[flow-tools] Lost Flow Syslog Message, this can't be right

Ferry Korving ferry@xs4all.nl
Tue, 16 Apr 2002 09:12:48 +0200 (CEST) 

On Mon, 15 Apr 2002, Poetzel, Christopher J. wrote:

>I have seen this type of message in my Syslog before and thought I would
>email to see if someone could explain it...
> 
>Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check():
>src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750200
>received=508750230 lost=30
> 
>Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check():
>src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750260
>received=508750200 lost=4294967235
> 
>Apr 15 13:09:06 jupiter flow-capture[2463]: ftpdu_seq_check():
>src_ip=192.5.170.2 dst_ip=146.137.1.70 d_version=5 expecting=508750230
>received=508750260 lost=30
> 
>I cannot believe that flow-tools would lose 4,294,967,235 flows.
>Any thoughts

I experience the same. And it's always 30 or 60 or the
(miscalculated) big number (4294967235) you see as well.

Mar 10 04:02:48 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136261 received=1509136291 lost=30
Mar 10 04:02:48 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136321 received=1509136261 lost=4294967235
Mar 10 04:02:49 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136291 received=1509136321 lost=30
Mar 10 04:02:53 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136441 received=1509136471 lost=30
Mar 10 04:02:53 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136501 received=1509136441 lost=4294967235
Mar 10 04:02:54 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509136471 received=1509136501 lost=30
Mar 10 04:04:06 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509137821 received=1509137851 lost=30
Mar 10 04:04:06 lineh flow-capture[685]: ftpdu_seq_check(): src_ip=xxx.xxx.xxx.xxx
   dst_ip=yyy.yyy.yyy.yyy d_version=5 expecting=1509137881 received=1509137821 lost=4294967235

best regards,

Ferry korving