Hi, I'm capturing flows on an OpenBSD 5.2 system using the pflow interface. When I export data using version 5, nfcapd behaves as expected.
However, if I export the flows as version 9, or IPFIX, nfcapd has a problem with the "first" and "last" fields of the flow record:

Flow Record:
  Flags = 0x06 FLOW, Unsampled
  export sysid = 1
  size = 564
  first = 0 [1970-01-01 01:00:00]
  last = 0 [1970-01-01 01:00:00]
  msec_first = 0
  msec_last = 0
  .. .. ..
  (src)tos = 0
  (in)packets = 6
  (in)bytes = 598
  ip router = 192.168.16.1
  received at = 1366290086402 [2013-04-18 15:01:26.402]

Wireshark has no trouble decoding the packet. Has anyone else experienced this?

Tor

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss