On Aug 03, "[EMAIL PROTECTED]" wrote: > we are currently extracting lot of information from our flows, wich are > generated by some cisco hardware (routers and switches - i can find out > details if needed). > the question ist weather it's technically possible to get also the netmasks > accoring to the travelling IP-addresses? > for example 10.200.23.1/16 > > At the very moment the best i can get is a output from "flow-print -f4" > which gives me: > 10.200.80.79/0 10.200.81.102/0 6 0 0 785 9
Check out flow-export -f 2: #:unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcaddr,dstaddr,nexthop,input,output,srcport,dstport,prot,tos,tcp_flags,src_mask,dst_mask,src_as,dst_as 1040197502,534197838,665538312,128.32.11.39,1,40,665529140,665529140,4,0,128.32.53.53,62.43.95.160,128.32.110.86,2,21,445,1864,6,0,4,24,18,0,22909 It has a src_mask and dst_mask. These might not come through if you're using netflow from a switch instead of a router, and I seem to recall that sometimes even the routers export erroneous subnet masks, but it works pretty well in general. Viel gluck, Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
