When Trisul is in NETFLOW_TAP mode, the server running Trisul may send ICMP Type 3, Destination Unreachable Port Unreachable packets back to the router.
The reason is :
1. Trisul does not depend on the UDP service to process Netflow packets, it picks it up from unix rx ring sockets or libpcap.
The best solution is to disable outgoing icmp 3
iptables -A OUTPUT -p icmp --icmp-type 3 -j DROP
An alternative solution : Just run a dummy server that opens a UDP port and sits there.
require 'socket'
UDPSocket.new.bind(nil,6343)
![vivek [unleash]'s Avatar](https://www.unleashnetworks.com/media/kunena/avatars/resized/size144/gallery/viv_gravat.png)