From zjadidi.2011 at gmail.com Tue Feb 12 13:32:40 2013 From: zjadidi.2011 at gmail.com (Zahra Jadidi) Date: Tue, 12 Feb 2013 12:32:40 +1000 Subject: [netflow-tools] Reading from saved file Message-ID: Dear Sir / Mam I have a dataset including pcap format data. I want to convert this dataset to a flow based dataset in which flows have NetFlow format. Therefore, I need read pcap file from stored file, the dataset, using Softflowd then using flowd we can save flows. I have linux "mageia" on my computer. I have tried to install softflowd verion 0.9.8 as a traffic exporter and install nfsen as the collector instead of flowd. I tried very much but softflowd does not work on my computer. I am very confused. Every thing seems ok but it is not working. I am new in softflowd. I appreciate if you give me some help. Best Regards Zahra -------------- next part -------------- An HTML attachment was scrubbed... URL: From djm at mindrot.org Thu Feb 14 14:38:42 2013 From: djm at mindrot.org (Damien Miller) Date: Thu, 14 Feb 2013 14:38:42 +1100 (EST) Subject: [netflow-tools] Reading from saved file In-Reply-To: References: Message-ID: On Tue, 12 Feb 2013, Zahra Jadidi wrote: > Dear Sir / Mam > I have a dataset including pcap format data. I want to convert this dataset > to a flow based dataset in which flows have NetFlow format. Therefore, I > need read pcap file from stored file, the dataset, using Softflowd then > using flowd we can save flows. I have linux "mageia" on my computer. I have > tried to install softflowd verion 0.9.8 as a traffic exporter and install > nfsen as the collector instead of flowd. I tried very much but softflowd > does not work on my computer. I am very confused. Every thing seems ok but > it is not working. I am new in softflowd. I appreciate if you give me some > help. Hi, If you need help then you'll need at least to tell us how you are running softflowd/flowd/etc. You should also try running softflowd in debug mode to see if there is anything going wrong at that level. -d From markus.jan at seznam.cz Sun Feb 17 02:06:54 2013 From: markus.jan at seznam.cz (Jan Markus) Date: Sat, 16 Feb 2013 16:06:54 +0100 Subject: [netflow-tools] Softflowd and VLAN tagged packets Message-ID: <511FA08E.3060909@seznam.cz> Hello, we have a mirror port on our core switch and need to create Neflow v9 from packet flows. But softflowd seems to read only packets with no VLAN tag. Is there a way to change this behaviour? All packets comming from our mirror port have VLAN tag. If the change of code would be needed, we'd ready to pay for it. We really need this function. Thank you very much, -Jan From craig.weinhold at cdw.com Sun Feb 17 09:29:07 2013 From: craig.weinhold at cdw.com (Craig Weinhold) Date: Sat, 16 Feb 2013 16:29:07 -0600 Subject: [netflow-tools] Softflowd and VLAN tagged packets In-Reply-To: <511FA08E.3060909@seznam.cz> References: <511FA08E.3060909@seznam.cz> Message-ID: I can't speak for softflowd, but I do know that the NIC and/or kernel may be able to strip/preserve VLAN tags on promiscuous ports. See: http://www.intel.com/support/network/sb/CS-005897.htm As an aside, keep in mind that a packet routed from VLAN X to VLAN Y might show up twice on your mirror port if both VLANs are being mirrored. -Craig On Sat, 16 Feb 2013, Jan Markus wrote: > Hello, > > we have a mirror port on our core switch and need to create Neflow v9 from > packet flows. But softflowd seems to read only packets with no VLAN tag. Is > there a way to change this behaviour? All packets comming from our mirror port > have VLAN tag. If the change of code would be needed, we'd ready to pay for > it. We really need this function. > > Thank you very much, > -Jan > _______________________________________________ > netflow-tools mailing list > netflow-tools at mindrot.org > https://lists.mindrot.org/mailman/listinfo/netflow-tools > From list2009 at lunch.za.net Mon Feb 18 04:30:52 2013 From: list2009 at lunch.za.net (Andrew McGill) Date: Sun, 17 Feb 2013 19:30:52 +0200 Subject: [netflow-tools] Softflowd and VLAN tagged packets In-Reply-To: References: <511FA08E.3060909@seznam.cz> Message-ID: <20130217193052.39f3ae3f@beans.lunch.za.net> On Sat, 16 Feb 2013 16:29:07 -0600 Craig Weinhold wrote: > I can't speak for softflowd, but I do know that the NIC and/or kernel > may be able to strip/preserve VLAN tags on promiscuous ports. See: > > http://www.intel.com/support/network/sb/CS-005897.htm > > As an aside, keep in mind that a packet routed from VLAN X to VLAN Y > might show up twice on your mirror port if both VLANs are being > mirrored. If you need to handle this condition, I have hacked a private version that eliminates the duplicates (mail me). The price of this is maintaining a history of recent packets, so it's not appropriate for most situations. It's not particularly elegant, especially since the history is in a fixed (at compile time) buffer. > -Craig > > > On Sat, 16 Feb 2013, Jan Markus wrote: > > > Hello, > > > > we have a mirror port on our core switch and need to create Neflow > > v9 from packet flows. But softflowd seems to read only packets with > > no VLAN tag. Is there a way to change this behaviour? All packets > > comming from our mirror port have VLAN tag. If the change of code > > would be needed, we'd ready to pay for it. We really need this > > function. > > > > Thank you very much, > > -Jan > > _______________________________________________ > > netflow-tools mailing list > > netflow-tools at mindrot.org > > https://lists.mindrot.org/mailman/listinfo/netflow-tools > > > _______________________________________________ > netflow-tools mailing list > netflow-tools at mindrot.org > https://lists.mindrot.org/mailman/listinfo/netflow-tools -- Our parents ate 3G of bitter GPRS, and our bluetooth is set on EDGE