From rrbarbosa at gmail.com Sat Jan 16 02:00:03 2010 From: rrbarbosa at gmail.com (Rafael Barbosa) Date: Fri, 15 Jan 2010 16:00:03 +0100 Subject: [netflow-tools] pcap to nfdump format Message-ID: Hi all, I am testing ways to import captured pcap data to nfdump format. I came across the softflowd tool which makes the work quite simple. However I am running into a odd problem with the timestamps. Here is what I do: - run nfcapd - run softflowd to read the pcap file and set the destination (-n argument) to the nfcapd address (localhost:9995) - quit nfcapd and read its output with nfdump The problem is that the pcap file was collected in March 2009 (timestamp eg. 1235865507.487366) , and nfdump report the flows timestamps as being in February 2010 (timestamp eg. 1265930293). Can someone help me understand what is happening with the timestamps? Sorry if it this question was already asked but I failed to find an archive for this mailing list. I am running softflow 0.9.8 and nfdump 1.5.6_4. Thanks for the attention, Rafael Barbosa -------------- next part -------------- An HTML attachment was scrubbed... URL: