Hi Group, I have using shorewall with NFLOG to log my traffic network. IPTABLES is "capture" the traffic using NFLOG, which then sent to ULOG2 which then goes into a DB like MYSQL. So far so good, cause everything is working fine. However I have some questions in mind and I know it is not relevant to shorewall, but maybe someone could help me here, or even tell me what is the mail for the ulog group. 1. How does NFLOG works? Does it somehow related to PCAP? What I understand is that NFLOG is working in non-promiscuous while using PCAP is running in promiscuous mode, but I still not sure if I'm right here. 2. ULOG2 has support to work with pcap ( http://rlworkman.net/howtos/ulogd.html) so I can generate log file which can then be analyse with tcpdump. 3. I saw this http://sourceforge.net/projects/ipt-netflow/ and this https://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg08578.html since I want to have shorewall generate netflow format to netflow collector. There is http://www.3open.org/d/voyage/setup_netflow_exporter and http://sourceforge.net/projects/fprobe/ which seems can do that, but not sure if shorewall support it. Can someone help me better understand the relation with NFLOG + PCAP + NETFLOW + SFLOW Thanks you Sassy -- Regards, Sassy Natan 972-(05)54-2203702 ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk