[netflow-tools] Converting tcpdump log to NetFlow stats

Joe Loiacono jloiacon at csc.com
Thu Jun 24 08:35:56 EST 2010 

Did you check out 'ntop/nprobe'?  http://www.ntop.org/

Joe


|------------>
| From:      |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |screw.badluck at seznam.cz                                                                                                                   |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To:        |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |netflow-tools at mindrot.org                                                                                                                 |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date:      |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |06/23/2010 10:23 AM                                                                                                                       |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject:   |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |Re: [netflow-tools] Converting tcpdump log to NetFlow stats                                                                               |
  >------------------------------------------------------------------------------------------------------------------------------------------|






> Hi, is it possible to convert data logged with tcpdump -w to netflow
statistic
> with proper timestamps using softflowd and flowd or does flowd mark data
as
> "now"+
>
> Thanks, badluck.
>
>

So, from what i've learned, it's not possible export flows that spans more
than ~49 days because first/last switched are expressed in ms since boot on
32bits = max 4294967296ms ... ~49days. So even when i'd tried to fake boot
time (in softflowd.c line 1876) i could still export data with correct
timestamps only 49days into the future then i would need to restart export
and compute new head (sys_uptime and unix_secs) and also first last for
each flow.
Or is there an easier way out?
_______________________________________________
netflow-tools mailing list
netflow-tools at mindrot.org
https://lists.mindrot.org/mailman/listinfo/netflow-tools

More information about the netflow-tools mailing list