pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0

The value of the parameter TTL is displayed as 0 #759

Closed sever-sever closed 4 years ago

sever-sever commented 5 years ago

We use a port mirror to collect traffic and the community version of FastNetMon. The value of TTL in /var/log/fastnetmon_attacks is always displayed as 0.

2019-02-24 14:09:48.390050 42.x.206.30:40293 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 74 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390051 193.x.139.27:64866 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 76 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390051 50.x.14.120:30623 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 66 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390051 219.x.208.115:55969 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 74 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390052 194.x.23.52:57846 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 77 bytes ttl: 0 sample ratio: 1
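An added example, not code from the issue or from the FastNetMon project: it parses the /var/log/fastnetmon_attacks line format quoted above and flags a TTL column that is all zeros, which points at the sensor not filling the field rather than at the traffic itself (a genuine IPv4 TTL of 0 should not normally be seen on the wire). The sample lines are constructed from the redacted ones in the report.

```python
import re
from collections import Counter

# Constructed sample lines in the format of /var/log/fastnetmon_attacks shown in
# the report (addresses keep the reporter's "x" redaction; they are not real hosts).
SAMPLE_LOG = """\
2019-02-24 14:09:48.390050 42.x.206.30:40293 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 74 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390051 193.x.139.27:64866 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 76 bytes ttl: 0 sample ratio: 1
2019-02-24 14:09:48.390051 50.x.14.120:30623 > 91.x.x.x:53 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 66 bytes ttl: 0 sample ratio: 1
"""

# One attack-log line: timestamp, src:port > dst:port, then "key: value" fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>\S+):(?P<sport>\d+) > (?P<dst>\S+):(?P<dport>\d+) "
    r"protocol: (?P<proto>\S+) flags: (?P<flags>\S+) frag: (?P<frag>\d+) "
    r"packets: (?P<packets>\d+) size: (?P<size>\d+) bytes ttl: (?P<ttl>\d+) "
    r"sample ratio: (?P<ratio>\d+)$"
)

def parse_attack_log(text):
    """Parse attack-log lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "frag", "packets", "size", "ttl", "ratio"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def ttl_is_unpopulated(records):
    """True when every parsed record carries ttl 0.

    Routers discard a packet once its TTL is decremented to 0, so an all-zero
    TTL column means the sensor is not recording the field for this traffic
    source, not that the attacking packets really had TTL 0.
    """
    return bool(records) and all(r["ttl"] == 0 for r in records)

def ttl_histogram(records):
    """Distribution of TTL values, useful once the field is being populated."""
    return Counter(r["ttl"] for r in records)

if __name__ == "__main__":
    recs = parse_attack_log(SAMPLE_LOG)
    print(f"parsed {len(recs)} records, ttl histogram: {dict(ttl_histogram(recs))}")
    if ttl_is_unpopulated(recs):
        print("TTL column is all zeros: sensor is not recording TTL for this source")
```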

pavel-odintsov commented 5 years ago

Hello!

Thank you for reporting!

From what I see it should work well: https://github.com/pavel-odintsov/fastnetmon/blob/611ccd8bf494d6356901a6ac7cde5998bfe061e2/src/unified_parser.cpp#L58

Can you capture a small pcap dump and share it with me?

Also, I can suggest installing the latest version of FastNetMon if you can do it: https://fastnetmon.com/install/

Thank you!

pavel-odintsov commented 4 years ago

Hello!

Feel free to reopen the ticket if it happens again.