Wrong end time leads to negative duration
Opened this issue · 0 comments
GoogleCodeExporter commented
What steps will reproduce the problem?
1. Setup a pfSense router to send NetFlow V9 to a CentOS 6/FlowViewer/IPFIX
2. Take a Wireshark trace on CentOS with tcpdump
3. Observe following decoding:
Cisco NetFlow/IPFIX
Version: 9
Count: 14
SysUptime: 129080.231279120 seconds
Timestamp: Nov 2, 2014 09:17:01.000000000 Paris, Madrid
CurrentSecs: 1414916221
FlowSequence: 163268
SourceId: 0
FlowSet 1
FlowSet Id: (Data) (1024)
FlowSet Length: 440
Flow 1
SrcAddr: 192.168.100.64 (192.168.100.64)
DstAddr: 192.168.150.15 (192.168.150.15)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 116
Packets: 1
SrcPort: 63880
DstPort: 161
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
Flow 2
SrcAddr: 192.168.150.15 (192.168.150.15)
DstAddr: 192.168.100.64 (192.168.100.64)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 130
Packets: 1
SrcPort: 161
DstPort: 63880
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
What is the expected output? What do you see instead?
End time later than Start time
What version of the product are you using? On what operating system?
pfSense 2.1.5-RELEASE (i386)
softflowd 0.9.8 pkg v1.0.1
Please provide any additional information below.
Regards
Antoine
Original issue reported on code.google.com by antoined...@gmail.com
on 3 Nov 2014 at 11:13