[netflow-tools] pcap to nfdump format

Rafael Barbosa rrbarbosa at gmail.com
Sat Jan 16 02:00:03 EST 2010


Hi all,

I am testing ways to import captured pcap data to nfdump format. I came
across the softflowd tool which makes the work quite simple.
However, I am running into an odd problem with the timestamps. Here is what I
do:
- run nfcapd
- run softflowd to read the pcap file and set the destination (-n argument)
to the nfcapd address (localhost:9995)
- quit nfcapd and read its output with nfdump

The problem is that the pcap file was collected in March 2009 (timestamp e.g.
1235865507.487366), and nfdump reports the flow timestamps as being in
February 2010 (timestamp e.g. 1265930293).
Can someone help me understand what is happening with the timestamps?

Sorry if this question was already asked, but I failed to find an archive
for this mailing list.

I am running softflowd 0.9.8 and nfdump 1.5.6_4.

Thanks for the attention,
Rafael Barbosa