Nfdump - wrong date / timestamp on Cisco Viptela SD-WAN devices

[Cameron-84]

Hello,

I have similar issue as was mentioned here: #397 with bad date / timestamp.
There was no problem in the earlier version 1.6.x. My current version is 1.7.5 (latest).
Devices: Cisco Viptela SD-WAN vEdge routers (practically no netflow customisable settings).

My troubleshooting output's:

Device time is synced with NTP servers.
Nfdump compiled with "--enable-nfprofile --enable-nftrack --enable-sflow" (I also tried "--enable-nsel" but has no effect...).
Thanks for your help.

[phaag]

The timestamp you have marked in red is the time, when the ipfix packet has been exported from the CISCO device and does not correspond with the time of the flows start/stop, which are sent by that ipfix packet. You need to check the template, which is associated with that flow. However, it looks like a malformed package for some reason.
If you have difficulties in debugging the package stream feel free to send me a pcap of the traffic, sent to the collector, which contains enough information (template and data records), so I can check for you.

[Cameron-84]

Thanks for response.
Here is pcap of the traffic: cflowd.pcap.zip

Thank you very much for your help.