[c-nsp] Netflow with nfsen issue
Satish Patel
satish.txt at gmail.com
Fri Jul 1 12:52:35 EDT 2016
I have tried both v9 and v10 and got the same result: wrong date. Here are the versions:
nfdump-1.6.11
nfsen-1.3.6p1
Here is the raw data:
[root at netflow 01]# nfdump -r nfcapd.201607011240 -o raw
Flow Record:
Flags = 0x06 FLOW, Unsampled
export sysid = 2
size = 52
first = 0 [1969-12-31 19:00:00]
last = 0 [1969-12-31 19:00:00]
msec_first = 0
msec_last = 0
src addr = xx.xx.xx.xx
dst addr = xx.xx.xx.xx
src port = 40541
dst port = 23
fwd status = 0
tcp flags = 0x00 ......
proto = 6 TCP
(src)tos = 0
(in)packets = 126
(in)bytes = 6552
On Fri, Jul 1, 2016 at 12:47 PM, Tom Hill <tom at ninjabadger.net> wrote:
> On 01/07/16 17:39, Satish Patel wrote:
>> On nfdump I am seeing this.
>>
>> [root at netflow 30]# nfdump -M /data/nfsen/profiles-data/live/r1 -T -r
>> nfcapd.201606301715 -a -c 10
>> Date first seen Duration Proto Src IP Addr:Port
>> Dst IP Addr:Port Packets Bytes Flows
>> 1969-12-31 19:00:00.000 0.000 0 176.61.183.77:0 ->
>> xx.xx.xx.98:0 56 2688 1
>
> If the time is correct in the exported packets, then it makes me wonder
> which version of nfdump you're using.
>
> IPFIX might as well be 'Netflow v10', so support might be patchy with
> older variants of nfcapd/nfdump.
>
> --
> Tom
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
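The date in the output above, 1969-12-31 19:00:00, is Unix time 0 rendered at UTC-5, which matches `first = 0` and `last = 0` in the raw record. The following is an added example, not part of the original thread or of nfdump: it parses `nfdump -o raw` text and flags records without a usable timestamp, so they can be kept out of time-window queries. The sample text and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the `nfdump -o raw` output quoted in the
# post; addresses are documentation ranges and the second record is invented.
SAMPLE = """\
Flow Record:
  export sysid = 2
  first = 0 [1969-12-31 19:00:00]
  last = 0 [1969-12-31 19:00:00]
  src addr = 192.0.2.10
  src port = 40541
  dst port = 23
Flow Record:
  export sysid = 2
  first = 1467391200 [2016-07-01 12:40:00]
  last = 1467391230 [2016-07-01 12:40:30]
  src addr = 192.0.2.11
  src port = 51515
  dst port = 443
"""

FIELD = re.compile(r"^\s*(.+?)\s*=\s*(\S+)")  # "key = value [rest ignored]"

def parse_raw(text):
    """Return one dict per 'Flow Record:' block, keyed by field name."""
    records = []
    for line in text.splitlines():
        if line.strip() == "Flow Record:":
            records.append({})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def zero_time_records(records):
    """Records whose first or last timestamp is absent or Unix time 0."""
    return [r for r in records
            if int(r.get("first", 0)) == 0 or int(r.get("last", 0)) == 0]

def render(epoch, utc_offset_hours):
    """Format an epoch value as a collector at a fixed UTC offset would."""
    utc = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=epoch)
    local = utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.strftime("%Y-%m-%d %H:%M:%S")

if __name__ == "__main__":
    for rec in zero_time_records(parse_raw(SAMPLE)):
        print("no usable timestamp:", rec["src addr"], "port", rec["src port"],
              "shown as", render(int(rec["first"]), -5))
```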