> > The current master on Github doesn't include a configure file or the
> > Makefile.in files. I'm having a bit of trouble running the autoconf
> > tools to produce this. Is there a version available (similar to version
> > 1.6.16) which includes these files - thus I should only have to run
> > ./configure to get started?
>
> I submitted the patch to remove ./configure. The idea being that for
> development one would always have the required autotools available (run
> ./bootstrap). Peter should add a source tarball (created with "make dist")
> to releases so it should be available in a release.

Thank you, this made it possible to get further. Unfortunately the result
was not a great success - it looks like there is some offset mismatch
between the data produced by nfcapd, and the result of using nfdump. I
switched from the 1.6.16 nfcapd to the github nfcapd at 21:49 this evening.

This is a typical example of 1.6.16 nfcapd and nfdump
(-r 2017/12/30/21/nfcapd.201712302140) showing the same time stamp problem
as before, but other fields are reasonable:

Date first seen          Duration Proto      Src IP Addr:Port         Dst IP Addr:Port  Packets          Bytes Flows
1970-01-01 01:00:00.000    0.000 UDP       213.138.160.70:53 ->   208.91.112.52:26218        1            166     1
1970-01-01 01:00:00.000    0.000 TCP        91.135.34.26:443 -> 213.138.169.192:54447       12          18168     1
1970-01-01 01:00:00.000    0.000 TCP   213.138.174.158:58485 ->     148.251.64.174:80        2            120     1
1970-01-01 01:00:00.000    0.000 TCP       193.90.147.79:443 -> 213.138.168.174:50421       37          56018     1
1970-01-01 01:00:00.000    0.000 TCP      172.217.18.142:443 ->  213.138.177.40:38406        1             66     1

This is what I get after building the github version - both nfcapd and
nfdump are the github version (-r 2017/12/30/21/nfcapd.201712302155):

Date first seen          Duration Proto      Src IP Addr:Port         Dst IP Addr:Port  Packets          Bytes Flows
1970-01-01 01:00:00.000    0.000 0             0.0.0.1:46931 ->         0.0.0.0:54666      292    4647080.3 T     1
1970-01-01 01:00:00.000    0.000 0             0.0.0.2:40996 ->         0.0.0.0:54666      126    2271150.0 T     1
1970-01-01 01:00:00.000    0.000 0            0.0.0.16:21024 ->         0.0.0.0:54580    23424   13753711.8 T     1
1970-01-01 01:00:00.000    0.000 0             0.0.0.1:46247 ->         0.0.0.0:54666      130    3039013.7 T     1
1970-01-01 01:00:00.000    0.000 0            0.0.0.54:33301 ->         0.0.0.0:38010    81756   13753720.9 T     1

The problem seems to be nfcapd - if I use the new (github) version of
nfdump with an older nfcapd file (-r 2017/12/30/21/nfcapd.201712302140 as
above) it works as before (time stamps are still wrong but other fields are
okay):

Date first seen          Duration Proto      Src IP Addr:Port         Dst IP Addr:Port  Packets          Bytes Flows
1970-01-01 01:00:00.000    0.000 UDP       213.138.160.70:53 ->   208.91.112.52:26218        1            166     1
1970-01-01 01:00:00.000    0.000 TCP        91.135.34.26:443 -> 213.138.169.192:54447       12          18168     1
1970-01-01 01:00:00.000    0.000 TCP   213.138.174.158:58485 ->     148.251.64.174:80        2            120     1
1970-01-01 01:00:00.000    0.000 TCP       193.90.147.79:443 -> 213.138.168.174:50421       37          56018     1
1970-01-01 01:00:00.000    0.000 TCP      172.217.18.142:443 ->  213.138.177.40:38406        1             66     1

Suggestions on how to debug this?

Steinar Haug, AS2116