[netflow-tools] flowd-reader export
Jean-Philippe Luiggi
jp.luiggi at free.fr
Sat Mar 25 02:14:37 EST 2006
Hello,
On Fri, Mar 24, 2006 at 12:47:23PM +1000, Murray Shields wrote:
>
> Is there any documentation on the export as generated by flowd-reader?
> For example, what are the possible values and meanings for proto (I know
> 6 is TCP)? What is the most accurate way of matching bi-directional
> packets (is it simply a specific port number range)?
About protocols : less /etc/protocols (Unix) or "www.iana.org"
and for "bi-directional matching": on the server's side, there's one defined
port but from client's point of vue, it's not true.
> Can I simply assume that the LOWER port number is the port, and the
> higher is for matching?
I'm not sure to understand what do you want to say ?
Best regards.
More information about the netflow-tools
mailing list