Hi list,
We found a problem with using the combination of the -M and -R options. When we use the -R parameter and only one nfcapd file:

$ /usr/bin/nfdump -R /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212072340 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q

everything is OK. When we use the -R parameter and a range of nfcapd files:

$ /usr/bin/nfdump -R /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212070000:nfcapd.201212072355 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q

everything is OK too, but when we add the -M option to process nfcapd files from one or more days, we get a segmentation fault:

$ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R 2012/12/07/nfcapd.201212070000:2012/12/07/nfcapd.201212072355 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q
Segmentation fault

or

$ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R 2012/12/07/nfcapd.201212072355:2012/12/08/nfcapd201212080000 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q
Segmentation fault

Our nfdump version is:

nfdump: Version: 1.6.5 $Date: 2011-12-30 15:36:48 +0100 (Fri, 30 Dec 2011) $

Do you have any idea how to fix it? Thank you.

Best regards,
Tomas Plesnik

--
Tomas Plesnik [email protected]
CSIRT-MU, Network Security Department
http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP key ID: 0x9D3722F3
