Channel: VMware Communities : All Content - All Communities

problems with netflow from dVS 5.1


I captured some NetFlow generated from vDS 5.1. It uses the v10 protocol. When I used Wireshark to check the data flow sets, I found that all the values for "StartTime" and "EndTime" are in 1970. According to the spec, they should be the absolute time.


This is an example showing the dissection result:

The hex value for StartTime is: 0x00012fd1 (the packet was taken today, Dec. 13, 2012)


Set 1
        FlowSet Id: (Data) (256)
        FlowSet Length: 56
        Flow 1
            Octets: 229
            Packets: 1
            SrcAddr: 10.8.1.16 (10.8.1.16)
            DstAddr: 10.8.255.255 (10.8.255.255)
            SrcPort: 138
            DstPort: 138
            InputInt: 0
            OutputInt: 10
            Enterprise Private entry: ((null)) Type 888: Value (hex bytes): 00 00 00 00
            [Duration: 0.000000000 seconds]
                StartTime: Jan  1, 1970 13:36:17.000000000 Pacific Standard Time
                EndTime: Jan  1, 1970 13:36:17.000000000 Pacific Standard Time
            Protocol: 17
            Flow End Reason: Idle timeout (1)
            Padding (2 bytes)

 

How do we know the actual time the data set was generated?
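
A sanity check a collector can apply to values like the one above, as an added example that is not part of the original post: it reads the 4-byte StartTime as absolute epoch seconds, compares it with the Export Time carried in the IPFIX (v10) message header, and falls back to the export time when the record value is implausible. Only 0x00012fd1 comes from the post; the header bytes, the function names and the one-day tolerance are constructed assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
PAGE_START_TIME = bytes.fromhex("00012fd1")  # StartTime value quoted in the post
# Constructed header: version 10, length 72, export time 2012-12-13 20:00:00 UTC,
# sequence 1, observation domain 0 (all assumed; the post shows no header).
EXPORT_EPOCH = int(datetime(2012, 12, 13, 20, 0, tzinfo=UTC).timestamp())
SAMPLE_HEADER = struct.pack("!HHIII", 10, 72, EXPORT_EPOCH, 1, 0)

def parse_ipfix_header(msg: bytes) -> dict:
    """Decode the 16-byte IPFIX message header defined in RFC 7011."""
    if len(msg) < 16:
        raise ValueError("truncated IPFIX message header")
    version, length, export, seq, domain = struct.unpack("!HHIII", msg[:16])
    if version != 10:
        raise ValueError(f"not an IPFIX message (version {version})")
    return {"length": length, "sequence": seq, "domain": domain,
            "export_time": datetime.fromtimestamp(export, tz=UTC)}

def epoch_reading(raw: bytes) -> datetime:
    """Read a 4-byte field as absolute seconds since 1970-01-01 UTC."""
    (secs,) = struct.unpack("!I", raw)
    return datetime.fromtimestamp(secs, tz=UTC)

def is_plausible(flow_time, export_time, max_age=timedelta(days=1)) -> bool:
    """A flow starts before it is exported and, by assumption, within max_age."""
    return timedelta(0) <= export_time - flow_time <= max_age

def flow_time_or_fallback(raw: bytes, header: dict):
    """Return (timestamp, source); source says which value was trusted."""
    candidate = epoch_reading(raw)
    if is_plausible(candidate, header["export_time"]):
        return candidate, "record"
    # Record value is not a usable absolute time: bound it by the export time.
    return header["export_time"], "export_time"

if __name__ == "__main__":
    hdr = parse_ipfix_header(SAMPLE_HEADER)
    print("as epoch seconds:", epoch_reading(PAGE_START_TIME).isoformat())
    print("trusted time:", flow_time_or_fallback(PAGE_START_TIME, hdr))
```

Read as epoch seconds, the posted value is 21:36:17 UTC on Jan 1, 1970, which is the 13:36:17 Pacific Standard Time that Wireshark displays.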

