opsec / softflowd

Automatically exported from code.google.com/p/softflowd
Other
0 stars 0 forks source link

Wrong end time leads to negative duration #8

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Setup a pfSense router to send NetFlow V9 to a CentOS 6/FlowViewer/IPFIX
2. Take a Wireshark trace on CentOS with tcpdump
3. Observe following decoding:

Cisco NetFlow/IPFIX
    Version: 9
    Count: 14
    SysUptime: 129080.231279120 seconds
    Timestamp: Nov  2, 2014 09:17:01.000000000 Paris, Madrid
        CurrentSecs: 1414916221
    FlowSequence: 163268
    SourceId: 0
    FlowSet 1
        FlowSet Id: (Data) (1024)
        FlowSet Length: 440
        Flow 1
            SrcAddr: 192.168.100.64 (192.168.100.64)
            DstAddr: 192.168.150.15 (192.168.150.15)
            [Duration: -0.061000000 seconds]
                StartTime: 128738.007000000 seconds
                EndTime: 128737.946000000 seconds
            Octets: 116
            Packets: 1
            SrcPort: 63880
            DstPort: 161
            Protocol: 17
            TCP Flags: 0x00
            IPVersion: 04
        Flow 2
            SrcAddr: 192.168.150.15 (192.168.150.15)
            DstAddr: 192.168.100.64 (192.168.100.64)
            [Duration: -0.061000000 seconds]
                StartTime: 128738.007000000 seconds
                EndTime: 128737.946000000 seconds
            Octets: 130
            Packets: 1
            SrcPort: 161
            DstPort: 63880
            Protocol: 17
            TCP Flags: 0x00
            IPVersion: 04

What is the expected output? What do you see instead?
End time later than Start time

What version of the product are you using? On what operating system?
pfSense 2.1.5-RELEASE (i386)
softflowd 0.9.8 pkg v1.0.1

Please provide any additional information below.

Regards
Antoine

Original issue reported on code.google.com by antoined...@gmail.com on 3 Nov 2014 at 11:13