I recompiled - with some effort - with the current GitHub source.

       $ ./nfcapd -V
       nfcapd: Version: 1.6.15   ( was 13)

       ---------------------------------------------

       $ ./nfcapd -Tall -p2055 -l test
       Add extension: 2 byte input/output interface index
       Add extension: 4 byte input/output interface index
       Add extension: 2 byte src/dst AS number
       Add extension: 4 byte src/dst AS number
       Add extension: dst tos, direction, src/dst mask
       Add extension: IPv4 next hop
       Add extension: IPv6 next hop
       Add extension: IPv4 BGP next IP
       Add extension: IPv6 BGP next IP
       Add extension: src/dst vlan id
       Add extension: 4 byte output packets
       Add extension: 8 byte output packets
       Add extension: 4 byte output bytes
       Add extension: 8 byte output bytes
       Add extension: 4 byte aggregated flows
       Add extension: 8 byte aggregated flows
       Add extension: in src/out dst mac address
       Add extension: in dst/out src mac address
       Add extension: MPLS Labels
       Add extension: IPv4 router IP addr
       Add extension: IPv6 router IP addr
       Add extension: router ID
       Add extension: BGP adjacent prev/next AS
       Add extension: time packet received
       Add extension: NSEL Common block
       Add extension: NSEL xlate ports
       Add extension: NSEL xlate IPv4 addr
       Add extension: NSEL xlate IPv6 addr
       Add extension: NSEL ACL ingress/egress acl ID
       Add extension: NSEL username
       Add extension: NSEL max username
       Add extension: nprobe latency
       Add extension: NEL Common block
       Add extension: Compat NEL IPv4
       Add extension: NAT Port Block Allocation
       Bound to IPv4 host/IP: any, Port: 2055
       Startup.
       Init IPFIX: Max number of IPFIX tags: 62   ===> note
       Process_v9: New exporter: SysID: 1, Domain: 2304, IP: xx.xx.xx.xx

       Process_v9: New exporter: SysID: 2, Domain: 1536, IP: xx.xx.xx.xx

       Process_v9: [1536] Add template 261
       Process_v9: New exporter: SysID: 3, Domain: 6, IP: xx.xx.xx.xx

       Process_v9: [2304] Add template 264
       Ident: 'none' Flows: 94349, Packets: 1831754, Bytes: 524130745, Sequence Errors: 0, Bad Packets: 0
       Total ignored packets: 0
       Ident: 'none' Flows: 137470, Packets: 2826383, Bytes: 734543541, Sequence Errors: 0, Bad Packets: 0
       Total ignored packets: 0
       Ident: 'none' Flows: 135803, Packets: 2804499, Bytes: 758352407, Sequence Errors: 0, Bad Packets: 0

-------------------------------------------------------------------------------------------------------------


 That "Init IPFIX: Max number of IPFIX tags: 62" is new - and hopeful.

The invalid interfaces are gone --- but as yet I only see the valid interfaces I saw before.

   0,5 here:

   $ ./nfdump -R  test/nfcapd.201610302208 -s if
   Top 10 In/Out If ordered by -:
   Date first seen          Duration Proto         In/Out If    Flows(%)     Packets(%)       Bytes(%)         pps      bps bpp
   1969-12-31 18:00:00.000     0.000 any                   0   925631(100.0)   19.1 M(100.0)    5.2 G(100.0)        0 0   271
   1969-12-31 18:00:00.000     0.000 any                   5   925631(100.0)   19.1 M(100.0)    5.2 G(100.0)        0 0   271

   Summary: total flows: 925631, total bytes: 5170532854, total packets: 19062008, avg bps: 0, avg pps: 0, avg bpp: 0
   Time window: 2016-10-30 22:08:15 - 2016-10-30 22:43:15
   Total flows processed: 925631, Blocks skipped: 0, Bytes read: 77755536
   Sys: 0.109s flows/second: 8492027.5  Wall: 0.109s flows/second: 8476474.4

   and

  0,9 here


   $ ./nfdump -R  test2/nfcapd.201610302235 -s if
   Top 10 In/Out If ordered by -:
   Date first seen          Duration Proto         In/Out If    Flows(%)     Packets(%)       Bytes(%)         pps      bps bpp
   1969-12-31 18:00:00.000     0.000 any                   0   11822(100.0)   139725(100.0)   21.6 M(100.0)        0        0 154
   1969-12-31 18:00:00.000     0.000 any                   9   11822(100.0)   139725(100.0)   21.6 M(100.0)        0        0 154

   Summary: total flows: 11822, total bytes: 21645608, total packets: 139725, avg bps: 0, avg pps: 0, avg bpp: 0
   Time window: 2016-10-30 22:35:47 - 2016-10-30 22:45:47
   Total flows processed: 11822, Blocks skipped: 0, Bytes read: 993432
   Sys: 0.000s flows/second: 0.0        Wall: 0.000s flows/second: 0.0

 I expect to see other interfaces being shown as active.

I will collect more data and let you know how it goes.

--------------------------------------------------------------

 NOTE I am still seeing the invalid date:

     $ ./nfdump -R  test/nfcapd.201610302208

     Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
     1969-12-31 18:00:00.000 0.000 ICMP x.x.x.x:0 -> x.x.x.x:0 1 64 1










On 10/30/2016 05:33 PM, James A. Klun wrote:

Thanks for the reply, Gaspard.

-----------------------------------------------------

I have been running nfcapd with -Tall


--
James A. Klun                     jk...@microsolved.com
Security Engineer                 (614) 351 - 1237
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint


_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
