Hi I’m using the latest routeros 6.42.3
And if I remember I’m using a clone of the repo, NOT the tar file from the releases I will have a look with tshark when I’m in the office later Regards Simon Sent from my iPhone > On 22 May 2018, at 18:16, Brian Candler <b.cand...@pobox.com> wrote: > >> On 22/05/2018 18:09, nfsen-discuss-requ...@lists.sourceforge.net wrote: >> Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src >> IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte >> 2018-05-22 07:59:43.260 INVALID Ignore TCP 192.168.68.15:56509 -> >> 199.16.156.52:443 0.0.0.0:0 -> 0.0.0.0:0 41 0 >> 2018-05-22 07:59:43.390 INVALID Ignore TCP 199.16.156.52:443 -> >> 217.149.97.6:56509 0.0.0.0:0 -> 0.0.0.0:0 52 0 > > Hmm, that doesn't look good. What version of nfdump are you running? And > what version of routerOS? (My test was with 6.41.3) > > It could be that the Mikrotik use of Netflow v9 for NAT information is not > the same as Cisco's NSEL. > > However Mikrotik's flow data appears to be perfectly valid given that I can > decode it successfully with tshark. > > Regards, > > Brian. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Nfsen-discuss mailing list > Nfsen-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
