Hi all, I'm experimenting with Juniper IPFIX export (inline J-flow from an MX 240).
It seems to be working correctly (the export process) but I don't see a correct capture values (using 1.6.6): 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.202:43529 -> nn.mm.21.194:38436 0 0 1 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.202:43529 -> nn.mm.21.194:38436 0 0 1 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.207:22 -> nn.mm.21.198:46248 0 0 1 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:56597 -> nn.mm.21.38:53 0 0 1 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:11651 -> nn.mm.21.38:53 0 0 1 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.207:22 -> nn.mm.21.197:57265 0 0 1 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.57:22 -> nn.mm.21.198:43790 0 0 1 1969-12-31 17:00:00.000 0.000 TCP aa.bb.145.69:59917 -> nn.mm.21.71:636 0 0 1 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:11579 -> nn.mm.21.38:53 0 0 1 1969-12-31 17:00:00.000 0.000 TCP 172.16.3.17:59436 -> nn.mm.12.74:80 0 0 1 (IP address values changed to protect the innocent...) According to a Wireshark capture/decode, all the correct values are being exported from the MX (e.g. I see correct bytes/packets/etc) but it doesn't seem to get recorded correctly. On a Linux collector running 1.6.6, this seems to be working fine, so it is probably related to the Mac OS 10.6.8 build (using Xcode 3.4 IIRC). Anyone else notice this? Thanks, Dave ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
