From: Mike Hunter [mailto:[EMAIL PROTECTED]
Sent: Fri 5/27/2005 4:56 PM
To: Vial, Sylvain
Cc: [email protected]
Subject: Re: [Flow-tools] Errors in unix time for some ft files when using flow-report. very strange...
On May 27, "Vial, Sylvain" wrote:
> Hello,
> I'm actually using flow-tools to generate reports in order to create a
> list of the most frequent used ip addresses and destination ports for
> udp and tcp protocols.
> My problem is that I obtain strange values for the first-flow and
> last-flow key words.
> For example :
> # first-flow : 4294967295 Wed Dec 31 17:59:29 1969
> # last-flow : 0 Wed Dec 31 18:00:00 1969
>
> As you can see packets are captured before epoch !!!!
>
> When I use flow-print the obtained values seem to be correct:
> With the -f 1 option, for example I have :
>
> 0001a 129.15.118.219 0000 129.15.119.255 11 277 277 1 145
> 0511.13:14:29.000 0511.13:14:29.000 0.000 145 00 00
>
> With the header :
>
> Sif SrcIPaddress Dif DstIPaddress Pr ScrcP DstP Pkts Octects StartTime
> EndTime Active B/Pk Ts Fl
>
> The name of my ft file is : ft-v05.2005-05-11.13.1000-0500
>
> Do you know why I have these strange values?
>
> Thanks for your help.

Just to make sure, are you using a 32 bit system or a 64 bit system? There
are some issues with timevalues and casting on 64 bit systems.
http://mailman.splintered.net/pipermail/flow-tools/2004-December/002499.html
http://mailman.splintered.net/pipermail/flow-tools/2004-December/002501.html
Mike
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
