Hello Dhanasekaran, Timestamps in flow records are set by the device that's exporting the data. If some of the devices you're exporting from from have unsynchronized clocks then you'll likely get some records with bizarre timestamps. This has nothing to do with how nfcapd works.
Try checking your exporters to make sure they're running ntp and are synced to a reliable ntp source. Hope this helps! -- Dave Deitrich deitr...@cymru.com On 7/9/14, 6:47 PM, Dhanasekaran Anbalagan wrote: > Hi Guys, > > I am new to nfdump project, When I try to collect netflow data to nfcapd. I > am getting different time stamp for different source IP's > > For Example: > > [/tmp/dhana/2014/07/09/18]$ nfdump -R nfcapd.201407091820 > Date first seen Duration Proto Src IP Addr:Port Dst > IP Addr:Port Packets Bytes Flows > 1969-12-31 19:00:00.995 -0.995 UDP 192.168.70.81:48095 -> > 8.8.8.8:53 0 80 1 > 2014-07-09 14:20:19.555 0.000 TCP 192.168.70.81:44418 -> > 176.74.176.178:25 0 0 1 > 1969-12-31 19:00:00.115 -0.115 TCP 192.168.70.74:52010 -> > 216.17.0.221:443 0 390837 1 > > > > Please guide me How to understand data, Why it's show different time stamp. > > > I am using package versions :: > > [/tmp/dhana/2014/07/09/18]$ *nfcapd -V* > *nfcapd: Version: 1.6.12 $Date: 2014-04-02 20:08:48 +0200 (Wed, 02 Apr > 2014) $* > [/tmp/dhana/2014/07/09/18]$* nfdump -V* > *nfdump: Version: 1.6.12 $Date: 2014-04-02 20:08:48 +0200 (Wed, 02 Apr > 2014) $* > > > Did I learn something today? If not, I wasted it. > > ------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
