Hi everyone,

I'm trying to convert pcap data to netflow data using softflowd / nfcapd through the following commands:

$ nfcapd -p9995 -l ./netflow/
$ softflowd -n 127.0.0.1:9995 -r dump.pcap

Everything works well except for the timestamps, which are incorrectly reported in the flow: the pcap file has timestamps between 10:30:00 and 10:30:27 on 2009-10-07, and the resulting flow file has timestamps between 2:32:47 and 2:33:14 on 2009-11-26 (!).

$ nfdump -r ./netflow/nfcapd.200910191841
Date flow start          Duration Proto ...
2009-11-26 02:32:47.300     0.032 TCP   ...
2009-11-26 02:32:47.300     0.300 TCP   ...
2009-11-26 02:32:47.310     0.860 TCP   ...
2009-11-26 02:32:47.319     0.000 TCP   ...

$ tcpdump -n -tttt -r dump.pcap
reading from file dump.pcap,
2009-10-07 10:30:00.004291 IP ...
2009-10-07 10:30:00.004436 IP ...
2009-10-07 10:30:00.004485 IP ...
2009-10-07 10:30:00.036614 IP ...

I'm using softflowd-0.9.8 and nfdump-snapshot-1.6b-20090930 on a Debian Lenny (kernel 2.6.18-4-686).

If anyone has any clue about where the problem could come from, please let me know!

Thanks,
Robin

_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
