netflow tools - Jun 2010 - Converting tcpdump log to NetFlow stats

Hi, is it possible to convert data logged with tcpdump -w to netflow statistic
with proper timestamps using softflowd and flowd or does flowd mark data as
"now"+

Thanks, badluck.

> Hi, is it possible to convert data logged with tcpdump -w to netflow
statistic
> with proper timestamps using softflowd and flowd or does flowd mark data as
> "now"+
> 
> Thanks, badluck.
> 
> 
So, from what i''ve learned, it''s not possible export flows
that spans more than ~49 days because first/last switched are expressed in ms
since boot on 32bits = max 4294967296ms ... ~49days. So even when i''d
tried to fake boot time (in softflowd.c line 1876) i could still export data
with correct timestamps only 49days into the future then i would need to restart
export and compute new head (sys_uptime and unix_secs) and also first last for
each flow.
Or is there an easier way out?

Did you check out ''ntop/nprobe''?  http://www.ntop.org/

Joe


|------------>
| From:      |
|------------>
 
>------------------------------------------------------------------------------------------------------------------------------------------|
  |screw.badluck at seznam.cz                                                   
|
 
>------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To:        |
|------------>
 
>------------------------------------------------------------------------------------------------------------------------------------------|
  |netflow-tools at mindrot.org                                                 
|
 
>------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date:      |
|------------>
 
>------------------------------------------------------------------------------------------------------------------------------------------|
  |06/23/2010 10:23 AM                                                          
|
 
>------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject:   |
|------------>
 
>------------------------------------------------------------------------------------------------------------------------------------------|
  |Re: [netflow-tools] Converting tcpdump log to NetFlow stats                  
|
 
>------------------------------------------------------------------------------------------------------------------------------------------|





> Hi, is it possible to convert data logged with tcpdump -w to netflow
statistic
> with proper timestamps using softflowd and flowd or does flowd mark data
as
> "now"+
>
> Thanks, badluck.
>
>
So, from what i''ve learned, it''s not possible export flows
that spans more
than ~49 days because first/last switched are expressed in ms since boot on
32bits = max 4294967296ms ... ~49days. So even when i''d tried to fake
boot
time (in softflowd.c line 1876) i could still export data with correct
timestamps only 49days into the future then i would need to restart export
and compute new head (sys_uptime and unix_secs) and also first last for
each flow.
Or is there an easier way out?
_______________________________________________
netflow-tools mailing list
netflow-tools at mindrot.org
https://lists.mindrot.org/mailman/listinfo/netflow-tools