Hi Dave,
In order to verify the data and track potential bugs, I would need a
packet capture. Otherwise, it's a bit difficult, as I have no access
to Juniper equipment.
- Peter
On 6/19/12 0:41, Dave Hartzell wrote:
> Hi all,
>
> I'm experimenting with Juniper IPFIX export (inline J-flow from an MX 240).
>
> It seems to be working correctly (the export process) but I don't see
> correct capture values (using 1.6.6):
>
>
> 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.202:43529 -> nn.mm.21.194:38436 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.202:43529 -> nn.mm.21.194:38436 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.207:22 -> nn.mm.21.198:46248 0 0 1
> 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:56597 -> nn.mm.21.38:53 0 0 1
> 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:11651 -> nn.mm.21.38:53 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.207:22 -> nn.mm.21.197:57265 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP xx.yy.206.57:22 -> nn.mm.21.198:43790 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP aa.bb.145.69:59917 -> nn.mm.21.71:636 0 0 1
> 1969-12-31 17:00:00.000 0.000 UDP aa.bb.145.73:11579 -> nn.mm.21.38:53 0 0 1
> 1969-12-31 17:00:00.000 0.000 TCP 172.16.3.17:59436 -> nn.mm.12.74:80 0 0 1
>
> (IP address values changed to protect the innocent...)
>
> According to a Wireshark capture/decode, all the correct values are
> being exported from the MX (e.g. I see correct bytes/packets/etc) but
> it doesn't seem to get recorded correctly.
>
> On a Linux collector running 1.6.6, this seems to be working fine, so
> it is probably related to the Mac OS 10.6.8 build (using Xcode 3.4
> IIRC).
>
> Anyone else notice this?
>
> Thanks,
>
> Dave
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
--
Be nice to your netflow data