I have tried v9 and v10 both and same result wrong date. Here are the version
nfdump-1.6.11 nfsen-1.3.6p1 Here is the raw data [root@netflow 01]# nfdump -r nfcapd.201607011240 -o raw Flow Record: Flags = 0x06 FLOW, Unsampled export sysid = 2 size = 52 first = 0 [1969-12-31 19:00:00] last = 0 [1969-12-31 19:00:00] msec_first = 0 msec_last = 0 src addr = xx.xx.xx.xx dst addr = xx.xx.xx.xx src port = 40541 dst port = 23 fwd status = 0 tcp flags = 0x00 ...... proto = 6 TCP (src)tos = 0 (in)packets = 126 (in)bytes = 6552 On Fri, Jul 1, 2016 at 12:47 PM, Tom Hill <[email protected]> wrote: > On 01/07/16 17:39, Satish Patel wrote: >> On nfdump i am seeing this. >> >> [root@netflow 30]# nfdump -M /data/nfsen/profiles-data/live/r1 -T -r >> nfcapd.201606301715 -a -c 10 >> Date first seen Duration Proto Src IP Addr:Port >> Dst IP Addr:Port Packets Bytes Flows >> 1969-12-31 19:00:00.000 0.000 0 176.61.183.77:0 -> >> xx.xx.xx.98:0 56 2688 1 > > If the time is correct in the exported packets, then it makes me wonder > which version of nfdump you're using. > > IPFIX might as well be 'Netflow v10', so support might be patchy with > older variants of nfcapd/nfdump. > > -- > Tom > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
