netflow tools - Dec 2009 - cisco asr 1006 netflowtool

Dear All,

I am having trouble in timestamp that sent from Cisco ASR Router 1006 to my
flowtools capture. The problem is the time stamp is late 5 hours compare
with file name.

Could you please advice me what should i do to get this problem solved?

/usr/local/flowtool/bin/flow-print -f5 < ft-v05.2009-12-01.141500+0700 >
/home/sokvantha/flow-timestamp-debug.txt

Start             End               Sif   SrcIPaddress    SrcP  DIf
DstIPaddress    DstP    P Fl Pkts       Octets

1201.09:22:16.372 1201.09:43:16.705 27    119.82.250.11   16752 4
194.183.68.237  20458 17  0  42588      2422926
1201.09:22:26.056 1201.09:43:16.716 27    119.82.250.11   16753 4
194.183.68.237  20459 17  0  249        39780
1201.09:38:58.420 1201.09:43:16.348 4     93.182.188.39   11710 27
 119.82.252.133  64319 6   0  448        248826
1201.09:39:30.323 1201.09:43:16.561 4     66.96.134.10    80    28
 110.74.223.13   54438 6   0  2606       3770046
1201.09:41:04.423 1201.09:43:16.967 34    118.67.204.20   49652 4
122.224.114.157 35883 6   0  581        325600
1201.09:41:04.503 1201.09:43:16.959 4     122.224.114.157 35883 34
 118.67.204.20   49652 6   0  325        15402
1201.09:41:14.343 1201.09:43:16.882 4     76.117.146.191  29559 28
 110.74.223.142  4544  6   0  228        215922
1201.09:41:14.726 1201.09:43:16.386 28    110.74.223.142  4544  4
76.117.146.191  29559 6   0  275        196013
1201.09:41:25.958 1201.09:43:16.226 2     218.253.64.60   10154 27
 110.74.196.36   4619  6   0  68         3142
1201.09:41:59.233 1201.09:43:16.575 27    119.82.252.41   29797 4
58.61.165.218   8000  17  0  12         952
1201.09:41:59.743 1201.09:43:16.669 2     221.7.93.225    18218 28
 110.74.197.34   7078  17  0  107        6984
1201.09:42:15.183 1201.09:43:16.416 4     96.49.82.47     11246 34
 118.67.204.20   15000 17  0  17         1150
1201.09:42:15.187 1201.09:43:16.420 4     96.49.82.47     11246 34
 118.67.204.20   56937 17  0  15         1024
1201.09:42:16.356 1201.09:43:16.009 27    119.82.253.149  37327 4
203.218.92.44   55561 6   0  17         926
1201.09:42:18.533 1201.09:43:16.230 28    119.82.253.53   1605  4
79.141.174.36   80    6   1  88         4518
1201.09:42:18.879 1201.09:43:16.217 2     79.141.174.36   80    28
 119.82.253.53   1605  6   1  124        175648
1201.09:42:25.333 1201.09:43:16.281 34    118.67.204.55   57617 4
217.22.246.78   25    6   0  54         7124
1201.09:42:25.699 1201.09:43:16.645 4     217.22.246.78   25    34
 118.67.204.55   57617 6   0  29         2339
1201.09:42:27.228 1201.09:43:16.830 2     114.249.128.159 63672 28
 119.82.255.11   1517  6   0  28         22072
1201.09:42:27.234 1201.09:43:16.851 28    119.82.255.11   1517  4
114.249.128.159 63672 6   0  18         1118
1201.09:42:32.081 1201.09:43:16.737 27    110.74.196.133  65303 4
75.64.54.46     6244  6   0  22         1409
1201.09:42:32.408 1201.09:43:16.243 27    119.82.252.17   16291 4
208.94.234.75   80    6   1  1092       46996
1201.09:42:32.647 1201.09:43:16.237 4     208.94.234.75   80    28
 119.82.252.17   16291 6   1  1781       2058359

-- 
Best Regards,
YOUK Sokvantha
Tell: (855) 89896589
email: sokvantha at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.mindrot.org/pipermail/netflow-tools/attachments/20091202/48a5a637/attachment.html>

Common issue.  Check the time and time zone on your router with "sho
clock".

I suggest using ntp if possible, my Ciscos clock-skew pretty easily.

On Wed, Dec 02, 2009 at 10:37:18AM +0700, Sokvantha YOUK
wrote:
> Dear All,
> 
> I am having trouble in timestamp that sent from Cisco ASR Router 1006 to my
> flowtools capture. The problem is the time stamp is late 5 hours compare
> with file name.
> 
> Could you please advice me what should i do to get this problem solved?
> 
> /usr/local/flowtool/bin/flow-print -f5 < ft-v05.2009-12-01.141500+0700
>
> /home/sokvantha/flow-timestamp-debug.txt
> 
> Start             End               Sif   SrcIPaddress    SrcP  DIf
> DstIPaddress    DstP    P Fl Pkts       Octets
> 
> 1201.09:22:16.372 1201.09:43:16.705 27    119.82.250.11   16752 4
> 194.183.68.237  20458 17  0  42588      2422926
> 1201.09:22:26.056 1201.09:43:16.716 27    119.82.250.11   16753 4
> 194.183.68.237  20459 17  0  249        39780
> 1201.09:38:58.420 1201.09:43:16.348 4     93.182.188.39   11710 27
>  119.82.252.133  64319 6   0  448        248826
> 1201.09:39:30.323 1201.09:43:16.561 4     66.96.134.10    80    28
>  110.74.223.13   54438 6   0  2606       3770046
> 1201.09:41:04.423 1201.09:43:16.967 34    118.67.204.20   49652 4
> 122.224.114.157 35883 6   0  581        325600
> 1201.09:41:04.503 1201.09:43:16.959 4     122.224.114.157 35883 34
>  118.67.204.20   49652 6   0  325        15402
> 1201.09:41:14.343 1201.09:43:16.882 4     76.117.146.191  29559 28
>  110.74.223.142  4544  6   0  228        215922
> 1201.09:41:14.726 1201.09:43:16.386 28    110.74.223.142  4544  4
> 76.117.146.191  29559 6   0  275        196013
> 1201.09:41:25.958 1201.09:43:16.226 2     218.253.64.60   10154 27
>  110.74.196.36   4619  6   0  68         3142
> 1201.09:41:59.233 1201.09:43:16.575 27    119.82.252.41   29797 4
> 58.61.165.218   8000  17  0  12         952
> 1201.09:41:59.743 1201.09:43:16.669 2     221.7.93.225    18218 28
>  110.74.197.34   7078  17  0  107        6984
> 1201.09:42:15.183 1201.09:43:16.416 4     96.49.82.47     11246 34
>  118.67.204.20   15000 17  0  17         1150
> 1201.09:42:15.187 1201.09:43:16.420 4     96.49.82.47     11246 34
>  118.67.204.20   56937 17  0  15         1024
> 1201.09:42:16.356 1201.09:43:16.009 27    119.82.253.149  37327 4
> 203.218.92.44   55561 6   0  17         926
> 1201.09:42:18.533 1201.09:43:16.230 28    119.82.253.53   1605  4
> 79.141.174.36   80    6   1  88         4518
> 1201.09:42:18.879 1201.09:43:16.217 2     79.141.174.36   80    28
>  119.82.253.53   1605  6   1  124        175648
> 1201.09:42:25.333 1201.09:43:16.281 34    118.67.204.55   57617 4
> 217.22.246.78   25    6   0  54         7124
> 1201.09:42:25.699 1201.09:43:16.645 4     217.22.246.78   25    34
>  118.67.204.55   57617 6   0  29         2339
> 1201.09:42:27.228 1201.09:43:16.830 2     114.249.128.159 63672 28
>  119.82.255.11   1517  6   0  28         22072
> 1201.09:42:27.234 1201.09:43:16.851 28    119.82.255.11   1517  4
> 114.249.128.159 63672 6   0  18         1118
> 1201.09:42:32.081 1201.09:43:16.737 27    110.74.196.133  65303 4
> 75.64.54.46     6244  6   0  22         1409
> 1201.09:42:32.408 1201.09:43:16.243 27    119.82.252.17   16291 4
> 208.94.234.75   80    6   1  1092       46996
> 1201.09:42:32.647 1201.09:43:16.237 4     208.94.234.75   80    28
>  119.82.252.17   16291 6   1  1781       2058359
> 
> -- 
> Best Regards,
> YOUK Sokvantha
> Tell: (855) 89896589
> email: sokvantha at gmail.com
> _______________________________________________
> netflow-tools mailing list
> netflow-tools at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/netflow-tools

-- 
Michael W. Lucas 	mwlucas at BlackHelicopters.org
http://www.MichaelWLucas.com/
Latest book:  Cisco Routers for the Desperate, 2nd Edition
http://www.CiscoRoutersForTheDesperate.com/

Dear Michael,
*
*
*My time in Linux and router is the same. We are using NTP. Please find
below result: *
*
*
Time in Router ASR 1006
14:49:08.926 GMT+7 Wed Dec 2 2009

Time in Linux x64
Wed Dec  2 14:49:31 ICT 2009

Are there any other ways should I check more?

Thank you so much for your responsed.


On Wed, Dec 2, 2009 at 10:37 AM, Sokvantha YOUK <sokvantha at gmail.com>
wrote:
> Dear All,
>
> I am having trouble in timestamp that sent from Cisco ASR Router 1006 to my
> flowtools capture. The problem is the time stamp is late 5 hours compare
> with file name.
>
> Could you please advice me what should i do to get this problem solved?
>
> /usr/local/flowtool/bin/flow-print -f5 < ft-v05.2009-12-01.141500+0700
>
> /home/sokvantha/flow-timestamp-debug.txt
>
> Start             End               Sif   SrcIPaddress    SrcP  DIf
> DstIPaddress    DstP    P Fl Pkts       Octets
>
> 1201.09:22:16.372 1201.09:43:16.705 27    119.82.250.11   16752 4
> 194.183.68.237  20458 17  0  42588      2422926
> 1201.09:22:26.056 1201.09:43:16.716 27    119.82.250.11   16753 4
> 194.183.68.237  20459 17  0  249        39780
> 1201.09:38:58.420 1201.09:43:16.348 4     93.182.188.39   11710 27
>  119.82.252.133  64319 6   0  448        248826
> 1201.09:39:30.323 1201.09:43:16.561 4     66.96.134.10    80    28
>  110.74.223.13   54438 6   0  2606       3770046
> 1201.09:41:04.423 1201.09:43:16.967 34    118.67.204.20   49652 4
> 122.224.114.157 35883 6   0  581        325600
> 1201.09:41:04.503 1201.09:43:16.959 4     122.224.114.157 35883 34
>  118.67.204.20   49652 6   0  325        15402
> 1201.09:41:14.343 1201.09:43:16.882 4     76.117.146.191  29559 28
>  110.74.223.142  4544  6   0  228        215922
> 1201.09:41:14.726 1201.09:43:16.386 28    110.74.223.142  4544  4
> 76.117.146.191  29559 6   0  275        196013
> 1201.09:41:25.958 1201.09:43:16.226 2     218.253.64.60   10154 27
>  110.74.196.36   4619  6   0  68         3142
> 1201.09:41:59.233 1201.09:43:16.575 27    119.82.252.41   29797 4
> 58.61.165.218   8000  17  0  12         952
> 1201.09:41:59.743 1201.09:43:16.669 2     221.7.93.225    18218 28
>  110.74.197.34   7078  17  0  107        6984
> 1201.09:42:15.183 1201.09:43:16.416 4     96.49.82.47     11246 34
>  118.67.204.20   15000 17  0  17         1150
> 1201.09:42:15.187 1201.09:43:16.420 4     96.49.82.47     11246 34
>  118.67.204.20   56937 17  0  15         1024
> 1201.09:42:16.356 1201.09:43:16.009 27    119.82.253.149  37327 4
> 203.218.92.44   55561 6   0  17         926
> 1201.09:42:18.533 1201.09:43:16.230 28    119.82.253.53   1605  4
> 79.141.174.36   80    6   1  88         4518
> 1201.09:42:18.879 1201.09:43:16.217 2     79.141.174.36   80    28
>  119.82.253.53   1605  6   1  124        175648
> 1201.09:42:25.333 1201.09:43:16.281 34    118.67.204.55   57617 4
> 217.22.246.78   25    6   0  54         7124
> 1201.09:42:25.699 1201.09:43:16.645 4     217.22.246.78   25    34
>  118.67.204.55   57617 6   0  29         2339
> 1201.09:42:27.228 1201.09:43:16.830 2     114.249.128.159 63672 28
>  119.82.255.11   1517  6   0  28         22072
> 1201.09:42:27.234 1201.09:43:16.851 28    119.82.255.11   1517  4
> 114.249.128.159 63672 6   0  18         1118
> 1201.09:42:32.081 1201.09:43:16.737 27    110.74.196.133  65303 4
> 75.64.54.46     6244  6   0  22         1409
> 1201.09:42:32.408 1201.09:43:16.243 27    119.82.252.17   16291 4
> 208.94.234.75   80    6   1  1092       46996
> 1201.09:42:32.647 1201.09:43:16.237 4     208.94.234.75   80    28
>  119.82.252.17   16291 6   1  1781       2058359
>
> --
> Best Regards,
> YOUK Sokvantha
> Tell: (855) 89896589
> email: sokvantha at gmail.com
>


-- 
YOUK Sokvantha
Tell: (855) 89896589
email: sokvantha at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.mindrot.org/pipermail/netflow-tools/attachments/20091202/873d5c15/attachment-0001.html>

Sokvantha,

Can you show us your flow-capture statement?

Joe



From:
Sokvantha YOUK <sokvantha at gmail.com>
To:
netflow-tools at mindrot.org
Date:
12/02/2009 02:53 AM
Subject:
Re: [netflow-tools] cisco asr 1006 netflowtool



Dear Michael,

My time in Linux and router is the same. We are using NTP. Please find 
below result: 

Time in Router ASR 1006
14:49:08.926 GMT+7 Wed Dec 2 2009

Time in Linux x64
Wed Dec  2 14:49:31 ICT 2009

Are there any other ways should I check more?

Thank you so much for your responsed.


On Wed, Dec 2, 2009 at 10:37 AM, Sokvantha YOUK <sokvantha at gmail.com> 
wrote:
Dear All,

I am having trouble in timestamp that sent from Cisco ASR Router 1006 to 
my flowtools capture. The problem is the time stamp is late 5 hours 
compare with file name.

Could you please advice me what should i do to get this problem solved?

/usr/local/flowtool/bin/flow-print -f5 < ft-v05.2009-12-01.141500+0700 > 
/home/sokvantha/flow-timestamp-debug.txt

Start             End               Sif   SrcIPaddress    SrcP  DIf   
DstIPaddress    DstP    P Fl Pkts       Octets

1201.09:22:16.372 1201.09:43:16.705 27    119.82.250.11   16752 4     
194.183.68.237  20458 17  0  42588      2422926
1201.09:22:26.056 1201.09:43:16.716 27    119.82.250.11   16753 4     
194.183.68.237  20459 17  0  249        39780
1201.09:38:58.420 1201.09:43:16.348 4     93.182.188.39   11710 27   
 119.82.252.133  64319 6   0  448        248826
1201.09:39:30.323 1201.09:43:16.561 4     66.96.134.10    80    28   
 110.74.223.13   54438 6   0  2606       3770046
1201.09:41:04.423 1201.09:43:16.967 34    118.67.204.20   49652 4     
122.224.114.157 35883 6   0  581        325600
1201.09:41:04.503 1201.09:43:16.959 4     122.224.114.157 35883 34   
 118.67.204.20   49652 6   0  325        15402
1201.09:41:14.343 1201.09:43:16.882 4     76.117.146.191  29559 28   
 110.74.223.142  4544  6   0  228        215922
1201.09:41:14.726 1201.09:43:16.386 28    110.74.223.142  4544  4     
76.117.146.191  29559 6   0  275        196013
1201.09:41:25.958 1201.09:43:16.226 2     218.253.64.60   10154 27   
 110.74.196.36   4619  6   0  68         3142
1201.09:41:59.233 1201.09:43:16.575 27    119.82.252.41   29797 4     
58.61.165.218   8000  17  0  12         952
1201.09:41:59.743 1201.09:43:16.669 2     221.7.93.225    18218 28   
 110.74.197.34   7078  17  0  107        6984
1201.09:42:15.183 1201.09:43:16.416 4     96.49.82.47     11246 34   
 118.67.204.20   15000 17  0  17         1150
1201.09:42:15.187 1201.09:43:16.420 4     96.49.82.47     11246 34   
 118.67.204.20   56937 17  0  15         1024
1201.09:42:16.356 1201.09:43:16.009 27    119.82.253.149  37327 4     
203.218.92.44   55561 6   0  17         926
1201.09:42:18.533 1201.09:43:16.230 28    119.82.253.53   1605  4     
79.141.174.36   80    6   1  88         4518
1201.09:42:18.879 1201.09:43:16.217 2     79.141.174.36   80    28   
 119.82.253.53   1605  6   1  124        175648
1201.09:42:25.333 1201.09:43:16.281 34    118.67.204.55   57617 4     
217.22.246.78   25    6   0  54         7124
1201.09:42:25.699 1201.09:43:16.645 4     217.22.246.78   25    34   
 118.67.204.55   57617 6   0  29         2339
1201.09:42:27.228 1201.09:43:16.830 2     114.249.128.159 63672 28   
 119.82.255.11   1517  6   0  28         22072
1201.09:42:27.234 1201.09:43:16.851 28    119.82.255.11   1517  4     
114.249.128.159 63672 6   0  18         1118
1201.09:42:32.081 1201.09:43:16.737 27    110.74.196.133  65303 4     
75.64.54.46     6244  6   0  22         1409
1201.09:42:32.408 1201.09:43:16.243 27    119.82.252.17   16291 4     
208.94.234.75   80    6   1  1092       46996
1201.09:42:32.647 1201.09:43:16.237 4     208.94.234.75   80    28   
 119.82.252.17   16291 6   1  1781       2058359

-- 
Best Regards,
YOUK Sokvantha
Tell: (855) 89896589
email: sokvantha at gmail.com



-- 
YOUK Sokvantha
Tell: (855) 89896589
email: sokvantha at gmail.com_______________________________________________
netflow-tools mailing list
netflow-tools at mindrot.org
https://lists.mindrot.org/mailman/listinfo/netflow-tools


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.mindrot.org/pipermail/netflow-tools/attachments/20091202/d78c5c5a/attachment.html>