[netflow-tools] Conversion from DAG to Netflow

Santosh Rao gsantoshrao at gmail.com
Mon Feb 12 20:06:16 EST 2007


I've been unsuccessfully trying to convert files in DAG format to Netflow.
To achieve this I first converted the DAG files to pcap using tshark and
then exported the pcap files using softflowd to a Netflow collector
(flow-capture). But every time I do the export from pcap, softflowd seems to
ignore all the IP packets. The exact output that I get is:

# softflowd -r 26f0000.pcap -n 192.168.1.7:8819 -d
softflowd v0.9.8 starting data collection
Exporting flows to [192.168.1.7]:8819
Shutting down after pcap EOF
Shutting down on user request
Number of active flows: 0
Packets processed: 0
Fragments: 0
Ignored packets: 6918507 (6918507 non-IP, 0 too short)
Flows expired: 0 (0 forced)
Flows exported: 0 in 0 packets (0 failures)
#

I've tried breaking down the pcap file (which is around 650 MB) to smaller
file sizes using tcpslice, but that does not seem to help either.
I've also used tools like dagconvert (from Endace) to convert DAG to pcap
and run it through softflowd, but in this case too softflowd seems to ignore
all packets. I am able to export pcap to Netflow using softflowd when the
pcap file is created using a live capture.
I would really appreciate it if someone could help me out on this problem or
offer a better way on how I can do the conversion.
Thanks.
-santosh
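
A check for the two kinds of file the post compares (a pcap converted from DAG and one from a live capture), added here as an example and not part of the original post or of softflowd: it reads the link-layer type each file declares in its pcap header and, for Ethernet files, tallies the EtherTypes seen. It assumes the classic pcap format (not pcapng); the function names and sample frames are constructed for illustration, and the post itself does not establish that the link type is why the packets were counted as non-IP.

```python
import io
import struct
import sys
from collections import Counter

# Byte order implied by each classic pcap magic (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
# A few link-layer type values from the tcpdump.org LINKTYPE registry.
LINKTYPES = {0: "NULL", 1: "EN10MB", 9: "PPP", 101: "RAW", 104: "C_HDLC", 197: "ERF"}


def inspect_pcap(stream, max_packets=1000):
    """Return (linktype, name, Counter of EtherTypes seen in Ethernet frames)."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng, truncated, or other format)")
    endian = MAGICS[header[:4]]
    # Fields after the magic: version major/minor, thiszone, sigfigs, snaplen, network.
    network = struct.unpack(endian + "HHiIII", header[4:])[5]
    linktype = network & 0xFFFF  # low 16 bits carry the link type
    ethertypes = Counter()
    for _ in range(max_packets):
        record = stream.read(16)  # ts_sec, ts_frac, incl_len, orig_len
        if len(record) < 16:
            break
        incl_len = struct.unpack(endian + "IIII", record)[2]
        frame = stream.read(incl_len)
        if linktype == 1 and len(frame) >= 14:
            ethertypes[struct.unpack("!H", frame[12:14])[0]] += 1
    return linktype, LINKTYPES.get(linktype, "other"), ethertypes


def build_pcap(linktype, frames):
    """Build a little-endian pcap in memory (constructed sample input)."""
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. a converted file and a live-capture file
        streams = [(path, open(path, "rb")) for path in sys.argv[1:]]
    else:  # constructed samples: one Ethernet/IPv4 frame, one Cisco HDLC frame
        eth = bytes(12) + b"\x08\x00" + bytes(20)
        hdlc = b"\x0f\x00\x08\x00" + bytes(20)
        streams = [("ethernet-sample", io.BytesIO(build_pcap(1, [eth]))),
                   ("hdlc-sample", io.BytesIO(build_pcap(104, [hdlc])))]
    for label, stream in streams:
        lt, name, types = inspect_pcap(stream)
        print(label, "linktype", lt, name, {hex(k): v for k, v in types.items()})
```

Run with the converted file and a live-capture file as arguments to compare what each header declares; with no arguments it runs on the constructed samples.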