[Nfdump-discuss] nfdump missing handling of systemInitTimeMilliseconds ?

This is in reality a followup of a thread from January 2018: https://sourceforge.net/p/nfdump/mailman/message/36174318/ where I had IPFIX export from a Huawei router which was printed with a start time of 1. January 1970 due to missing information in the export from the router. Specifically,

Re: [Nfdump-discuss] nfdump release candidate

> > The current master on Github doesn't include a configure file or the > > Makefile.in files. I'm having a bit of trouble running the autoconf > > tools to produce this. Is there a version available (similar to version > > 1.6.16) which includes these files - thus I should only have to run > > ./

Re: [Nfdump-discuss] nfdump release candidate

> > I spent quite some time in cleaning up older requests and bugfixes for > > nfdump > > > > Before releasing 1.6.17 I would like to get some feedback on bugs you found > > in the current master on Github. > > The current master on Github doesn't include a configure file or the > Makefile.in fi

Re: [Nfdump-discuss] nfdump release candidate

> I spent quite some time in cleaning up older requests and bugfixes for nfdump > > Before releasing 1.6.17 I would like to get some feedback on bugs you found > in the current master on Github. The current master on Github doesn't include a configure file or the Makefile.in files. I'm having a b

Re: [Nfdump-discuss] NX-OS 8.1 - nfdump compatibility

> When capturing the data in Wireshark the timestamp looks fine. That's exactly what I see too. But nfdump seems unable to display the correct timestamp. Steinar Haug, AS2116 > > On Oct 22, 2017 8:15 AM, wrote: > > > > I configured the netflow feature on the Nexus and having problems. > > >

Re: [Nfdump-discuss] NX-OS 8.1 - nfdump compatibility

> I configured the netflow feature on the Nexus and having problems. > Wondering if anyone knows if there are any issues with nfdump and the NX-OS > version 8. > > 1) Issue is that when looking at the nfcapd file the date is incorrect. > this is an example of what I see: Similar and possibly rele

[Nfdump-discuss] nfdump-1.6.13 incorrect decode of IPfix first/last time

th v9 and ipfix exports, and the nfcapd file for the ipfix export, available at http://www.nethelp.no/nfdump-info.tgz This contains -rw-r--r-- 0 sthaug sthaug758 Nov 9 09:35 nfcapd.201611090930 -rw-r--r-- 0 sthaug sthaug 8472 Nov 9 09:52 ipfix.pcap -rw-r--r-- 0 sthaug sthaug

Re: [Nfdump-discuss] TCP information not displayed

> My issue is that I configured my Cisco router to match TCP sequence number, > Acknowledge number, Window TCP and so on but I didn't find a way to read > this information with Nfdump. > Is there a way to parse this information ? When I run Wireshark I see the > information in the pcap files. Pcap

Re: [Nfdump-discuss] DNS

> Is there a way of see the DNS information on nfdump? > > I am trying to view the DNS to see which application the user use > Thanks You can't see what names the user is trying to lookup with nfdump. You can see IP addresses and ports (so, for instance, you can assume that UDP port 53 traffi

Re: [Nfdump-discuss] Juniper MX MS-MPC / DPC V9 Netflow pps/bps low?

> Just for clarification on the list, it definitely *does* have an effect. > When we had 1:1 our file sizes were 300MB every couple of mins. 1:500 > dropped that to 30M files. Also we're doing the sampling commands on the > interfaces (ie ; family inet, sampling input/output). This isn't in-line

Re: [Nfdump-discuss] Juniper MX MS-MPC / DPC V9 Netflow pps/bps low?

> Also note that the sampling rate you are playing with has no effect really. > Sampling with inline Flow is done at a 1:1 rate. The sample rate I believe > just sets the scaling factor. On all the installations I$,1ry(Bve done > I$,1ry(Bve set the rate to 1 as well with out negative imp

Re: [Nfdump-discuss] Juniper MX MS-MPC / DPC V9 Netflow pps/bps low?

> Nfdump has been working fantastically for us until we upgraded to 1:1 with > an MS-MPC. It appears the MS-MPC on MX routers only support V9, and they > don't support aggregation. > > Everything was fine with Verison 5 Route Engine sampling. Now, at full > blown 1:1 sampling via MS-MPC, everyth