On Mon, Oct 19, 2009 at 7:01 PM, Mark D. Nagel <[email protected]> wrote: >> I'm trying to convert pcap data to netflow data using softflowd / >> nfcapd through the following commands: >> $ nfcapd -p9995 -l ./netflow/ >> $ softflowd -n 127.0.0.1:9995 -r dump.pcap >> > > I had the same issue with nProbe because it would put local timestamps > into the flows and nfcapd (rightly) expects UTC. Try adding TZ=UTC > prior to starting the command, e.g.: > > env TZ=UTC softflowd -n 127.0.0.1:9995 -r dump.pcap
Thanks, but same result. I just tested with softflowd / flow-tools using the following command: $ ./bin/flow-tools-0.68/src/flow-capture -w flow-tool/ 127.0.0.1/127.0.0.1/9995 and the same problem occurs (timestamps between 2:32:47 and 2:33:14), so I think the issue is actually coming from softflowd. Regards, Robin ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
