Peter,

Thanks for getting back to me. I just upgraded to snapshot 20081221 on my test box, but I am not getting any debug information on the actual records.

Now that you have confirmed that the output should contain the records, I will do some further debugging...

Thanks,
Tony

On Thu, 2009-02-19 at 10:54 +0100, Peter Haag wrote:
> Hi Tony,
> The -E format still works - also with snapshot 20081221:
>
> ./nfcapd -E
> Add extension: 2 byte input/output interface index
> Add extension: 4 byte input/output interface index
> Add extension: 2 byte src/dst AS number
> Add extension: 4 byte src/dst AS number
> File Block Header:
> NumBlocks = 0
> Size = 0
> id = 2
>
>
> Flow Record:
> Flags = 0x00
> size = 44
> first = 1235036708 [2009-02-19 10:45:08]
> last = 1235036727 [2009-02-19 10:45:27]
> msec_first = 160
> msec_last = 253
> src addr = x.x.x.x
> dst addr = z.z.z.z
> src port = 55115
> dst port = 443
> fwd status = 0
> tcp flags = 0x1b .AP.SF
> proto = 6
> (src)tos = 0
> (in)packets = 26
> (in)bytes = 12784
>
>
> There is still some Debug output at the beginning, but all the records are
> printed.
>
> - Peter
>
> Tony Gray wrote:
> > Hi,
> > Has the output format for nfcapd -E changed between nfdump-1.5.7 and the
> > current snapshot 1.5.7-20081221?
> >
> > The output I am getting from the snapshot version looks like:
> >
> > Add extension: 2 byte input/output interface index
> > Add extension: 4 byte input/output interface index
> > Add extension: 2 byte src/dst AS number
> > Add extension: 4 byte src/dst AS number
> > File Block Header:
> > NumBlocks = 0
> > Size = 0
> > id = 2
> > File Block Header:
> > NumBlocks = 1
> > Size = 14
> > id = 2
> >
> > Whereas with the stable version I was getting:
> > Flow Record:
> > Flags = 0x00000000
> > size = 52
> > mark = 0
> > srcaddr = X.X.X.X
> > dstaddr = X.X.X.X
> > first = 1234522029 [2009-02-13 10:47:09]
> > last = 1234522029 [2009-02-13 10:47:09]
> > msec_first = 246
> > msec_last = 943
> > dir = 1
> > tcp_flags = 0x10 .A....
> > prot = 6
> > tos = 0
> > input = 26
> > output = 42
> > srcas = 0
> > dstas = 0
> > srcport = 34984
> > dstport = 80
> > dPkts = 2
> > dOctets = 80
> >
> > Thanks,
> > Tony
>
> --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: [email protected] Web: http://www.switch.ch/

--
Tony Gray                      HEAnet Limited
Network Operations             Registered in Ireland, no. 275301
Telephone: +353-1-6609040      1st floor, 5 George's Dock,
Fax: +353-1-6603666            I.F.S.C., Dublin 1, Ireland

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
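
Added example, not part of the thread and not nfdump code: a small Python parser for the nfcapd -E debug output quoted above. It reads both the snapshot and the 1.5.7 field names into one record shape and strips mail quoting, so you can check whether a capture printed any flow records at all. The alias table between old and new field names is an assumption based on the names' meaning.

```python
import re

# Old (1.5.7) field names mapped onto the snapshot names. The pairing is an
# assumption made from the names' meaning, not taken from the nfdump sources.
ALIASES = {"srcaddr": "src addr", "dstaddr": "dst addr", "srcport": "src port",
           "dstport": "dst port", "tcp_flags": "tcp flags", "prot": "proto",
           "tos": "(src)tos", "dPkts": "(in)packets", "dOctets": "(in)bytes"}
INT_FIELDS = {"NumBlocks", "Size", "id", "size", "first", "last", "msec_first",
              "msec_last", "src port", "dst port", "proto", "(in)packets",
              "(in)bytes"}
UNQUOTE = re.compile(r"^\s*(?:>\s*)*(.*?)\s*$")   # strip "> > " mail quoting
KEY_VALUE = re.compile(r"^(.+?)\s*=\s*(\S+)")     # value ends at first space


def parse_debug_output(text):
    """Return (block_headers, flow_records), each a list of dicts."""
    headers, records, current = [], [], None
    for raw in text.splitlines():
        line = UNQUOTE.match(raw).group(1)
        if line in ("File Block Header:", "Flow Record:"):
            current = {}
            (headers if line.startswith("File") else records).append(current)
            continue
        m = KEY_VALUE.match(line)
        if current is None or m is None:
            continue                               # banner or blank line
        key = ALIASES.get(m.group(1), m.group(1))
        current[key] = int(m.group(2)) if key in INT_FIELDS else m.group(2)
    return headers, records

# Shortened copies of the two outputs quoted in the thread.
SNAPSHOT = """Add extension: 2 byte src/dst AS number
File Block Header:
NumBlocks = 0
Flow Record:
first = 1235036708 [2009-02-19 10:45:08]
dst port = 443
tcp flags = 0x1b .AP.SF
(in)bytes = 12784
"""
STABLE = """> > Flow Record:
> > dstport = 80
> > prot = 6
> > dOctets = 80
"""

if __name__ == "__main__":
    for name, sample in (("snapshot", SNAPSHOT), ("1.5.7", STABLE)):
        print(name, parse_debug_output(sample))
```

An empty record list alongside non-empty block headers corresponds to the output reported in the original question.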
