Hi, Has the output format for nfcapd -E changed between nfdump-1.5.7 and the current snapshot 1.5.7-20081221?
The output i am getting from the snapshot version looks like: Add extension: 2 byte input/output interface index Add extension: 4 byte input/output interface index Add extension: 2 byte src/dst AS number Add extension: 4 byte src/dst AS number File Block Header: NumBlocks = 0 Size = 0 id = 2 File Block Header: NumBlocks = 1 Size = 14 id = 2 Where as with the stable version i was getting: Flow Record: Flags = 0x00000000 size = 52 mark = 0 srcaddr = X.X.X.X dstaddr = X.X.X.X first = 1234522029 [2009-02-13 10:47:09] last = 1234522029 [2009-02-13 10:47:09] msec_first = 246 msec_last = 943 dir = 1 tcp_flags = 0x10 .A.... prot = 6 tos = 0 input = 26 output = 42 srcas = 0 dstas = 0 srcport = 34984 dstport = 80 dPkts = 2 dOctets = 80 Thanks, Tony -- Tony Gray HEAnet Limited Network Operations Registered in Ireland, no. 275301 Telephone: +353-1-6609040 1st floor, 5 George's Dock, Fax: +353-1-6603666 I.F.S.C., Dublin 1, Ireland ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
