Hi everybody, I've got an app that's crashing, complaining about a flow that is outside of its time window. I figured out that the flow it complains about isn't wrong; it's the one before, which claims to be from September 2004. Yeikes!
Here's the flow under flow-export -f 2: 1090846405,95362500,496,128.32.23.45,3,144,4294943380,4294951940,0,0,83.152.130.232,169.229.67.89,0.0.0.0,9,0,3783,4661,6,0,2,0,16,0,0 Here's the "same" flow under flow-print -f 5: 0913.22:55:47.979 0913.22:55:56.539 9 83.152.130.232 3783 0 169.229.67.89 4661 6 2 3 144 Obviously there's something very funky going on here. What I need some help on is figuring out where in the flow-export record the duration of the flow is listed. I'm thinking that maybe there's something very wrong with that field (overflow/negative perhaps?) that is making this flow jump into the future. It should be noted that this flow comes from a cisco 6509 running in hybrid mode. I've had problems with flows form such machines in the past, so I'm very willing to implicate corrupt netflow packets. I read the flow-export man page, but I couldn't figure out what field (if any) determines the duration of a flow...flow-print -f 5 has it in there, so it must be in the flow somewhere, but I am missing it. Thanks, Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
