Hi all,

we have noticed the problem regarding the time window setting in nfdump. No matter the settings of the original nfdump command, the resulting time window is often set to:

Time window: 2038-01-19 04:14:07 - 1970-01-01 01:00:00

without apparent cause. From our point of view this behaviour is more or less random, but we often spot this when the result of the query is empty (no flows). An example is attached.

Currently we use:

nfdump: Version: 1.6.4 $Date: 2011-07-19 12:43:31 +0200 (Tue, 19 Jul 2011) $

but we encountered this problem in the latest versions as well. Does anybody know how to fix it?

Best regards,
Tomas Plesnik
CSIRT-MU

--
Tomas Plesnik [email protected]
CSIRT-MU, Network Security Department
http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP key ID: 0x9D3722F3

nfdump -M /data/nfsen/profiles-data/live/eduroam -R 2011/10/11/nfcapd.201110111215:2011/10/11/nfcapd.201110111300 -o extended -m -c 10000 'ip 147.251.xxx.xxx and ip 147.251.xxx.xxx'

Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2038-01-19 04:14:07 - 1970-01-01 01:00:00
Total flows processed: 6333868, Blocks skipped: 0, Bytes read: 329450672
Sys: 0.961s flows/second: 6585068.6 Wall: 0.960s flows/second: 6596288.1

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
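
The window in the report, as an added example that is not part of the original post or of nfdump's source: 2038-01-19 04:14:07 and 1970-01-01 01:00:00 are the 32-bit values 0x7FFFFFFF and 0 shown in a UTC+1 zone, which is what a min/max tracker prints when no flow ever updates it. The struct, the function names, the fixed CET-1 zone and the sample flow times are assumptions made for the illustration, as is the idea that nfdump derives its window this way.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical min/max tracker; names are illustrative, not nfdump's. */
struct window { uint32_t first, last; };

static void window_init(struct window *w) {
    w->first = 0x7FFFFFFFu;  /* "earliest seen" starts at the maximum */
    w->last  = 0;            /* "latest seen" starts at the minimum   */
}

static void window_update(struct window *w, uint32_t start, uint32_t end) {
    if (start < w->first) w->first = start;
    if (end   > w->last)  w->last  = end;
}

/* The window is meaningful only after at least one flow has updated it. */
static int window_valid(const struct window *w) { return w->first <= w->last; }

static void fmt_local(uint32_t ts, char *buf, size_t len) {
    time_t t = (time_t)ts;
    struct tm tm;
    localtime_r(&t, &tm);
    strftime(buf, len, "%Y-%m-%d %H:%M:%S", &tm);
}

/* guard=0 prints the raw sentinels; guard=1 reports an empty result instead. */
static const char *window_render(const struct window *w, int guard, char *out, size_t len) {
    char a[32], b[32];
    setenv("TZ", "CET-1", 1);  /* assumed fixed UTC+1 zone for the reporter */
    tzset();
    if (guard && !window_valid(w)) {
        snprintf(out, len, "Time window: <unknown> (no matching flows)");
        return out;
    }
    fmt_local(w->first, a, sizeof a);
    fmt_local(w->last, b, sizeof b);
    snprintf(out, len, "Time window: %s - %s", a, b);
    return out;
}

int main(void) {
    struct window w; char buf[96];
    window_init(&w);  /* constructed case: the filter matches zero flows */
    puts(window_render(&w, 0, buf, sizeof buf));
    puts(window_render(&w, 1, buf, sizeof buf));
    return 0;
}
```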
