Hello all,
First of all, I have to say that I am new to nfdump-nfcapd.
I am running a Debian system and have recompiled the nfdump package to be
able to create netflow from a pcap.
I have tested it and it does create the file, but when I use nfdump -r file
I see nothing :S it says no flows.
==========
nfcapd -f test.pcap -E -l .
File Block Header:
NumBlocks = 24
Size = 568
id = 2
Ident: 'none' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 805
Total ignored packets: 0
Terminating nfcapd.
==========
ls -al
1140 abr 13 14:05 nfcapd.201604131405
==========
nfdump -r nfcapd.201604131405
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
Verify map id 2: ERROR: Expected 7 elements in map, but found 1!
Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2016-04-13 14:05:59 - 2016-04-13 14:10:59
Total flows processed: 0, Blocks skipped: 0, Bytes read: 864
Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 0.0
===========
The pcap file is created in the wild just with some http traffic.
In case it is needed, the process I have followed is the following one.
create a temp folder and download the source
modify the debian/rules and add --enable-readpcap
modify the debian/control and add libpcap-dev
install dependencies
recompile
install the new package
What am I doing wrong? Because for sure I am doing something wrong xD
Regards,
--
Borja Luaces Altares
Junior malware analyst
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss