Hello,

I am trying to configure nfdump, but there is probably a bug in the latest version.

I'm using ipt_netflow 1.8.2 kernel module and nfcapd for packet capturing.

So the problem is that when I use nfdump to view NATted packets, it looks 
like this:

2014-06-03 13:29:44.503 INVALID UDP      111.221.74.2:40027 ->   10.0.10.22:44979          0.0.0.0:0     ->          0.0.0.0:0
1970-01-01 01:00:00.44979 IGNORE UDP         10.0.10.30:47334 ->  216.239.32.10:53         178.1.1.65:47334 ->    216.239.2.10:53
1970-01-01 01:00:00.44979 IGNORE UDP         10.0.10.30:40560 ->  216.239.32.10:53         178.1.1.65:40560 ->    216.239.2.10:53

So as you can see, the time is OK only for packets without NAT.

But this problem occurs only with nfcapd 1.6.12, because when I run nfdump on 
an older dump file, created with nfcapd 1.6.11, then the time is OK, but there was 
a problem with ports in nfdump 1.6.11.

Here is the output of nfdump 1.6.12 with a dump file from nfcapd 1.6.11.

2014-05-29 17:04:59.226 IGNORE UDP         10.0.10.30:31391 ->  205.251.12.176:53         178.1.1.65:31391 ->  205.251.12.176:53
2014-05-29 17:04:59.336 CREATE TCP       188.92.7.25:44303 ->  31.17.16.10:80        188.92.7.25:44303 ->   192.168.7.101:80

So please, is there any quick fix, so that I don't need to wait for a new version?

Thank you

Best regards
-- 
Regards

Martin Šoltis
Linux Administrator
ÚVT s.r.o. 

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss