On May 27, "Vial, Sylvain" wrote: > Hello, > I'm actually using flow-tools to generate reports in order to create a > list of the most frequent used ip addresses and destination ports for > udp and tcp protocols. > My problem is that I obtain strange values for the first-flow and > last-flow key words. > For example : > # first-flow : 4294967295 Wed Dec 31 17:59:29 1969 > # last-flow : 0 Wed Dec 31 18:00:00 1969 > > As you can see packets are captured before epoch !!!! > > When I use flow-print the obtained values seem to be correct: > With the -f 1 option, for example I have : > > 0001a 129.15.118.219 0000 129.15.119.255 11 277 277 1 145 > 0511.13:14:29.000 0511.13:14:29.000 0.000 145 00 00 > > With the header : > > Sif SrcIPaddress Dif DstIPaddress Pr ScrcP DstP Pkts Octects StartTime > EndTime Active B/Pk Ts Fl > > The name of my ft file is : ft-v05.2005-05-11.13.1000-0500 > > Do you know why I have these strange values? > > Thanks for your help.
Just to make sure, are you using a 32 bit system or a 64 bit system? There are some issues with timevalues and casting on 64 bit systems. http://mailman.splintered.net/pipermail/flow-tools/2004-December/002499.html http://mailman.splintered.net/pipermail/flow-tools/2004-December/002501.html Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
