[netflow-tools] flowd-reader export

[Florian Weimer]

* Murray Shields:

> Is there any documentation on the export as generated by flowd-reader? 
> For example, what are the possible values and meanings for proto (I know 
> 6 is TCP)? What is the most accurate way of matching bi-directional 
> packets (is it simply a specific port number range)?

You can match the connection quadruple (twice IP address and port).
They are the same for both directions, except that sender and receiver
are swapped.