On Tue, 7 Dec 2004 14:25:27 -0500 "Jim Janovich" <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I was wondering if there is an easy way to match a Send and a receive Flow.
>
> I was looking at the data returned and could not think of a way. Any
> thoughts?

I've been working on a CFlow-based Perl script that does just that, in addition to a whole bunch of other things.

I've had reasonably good results taking the mindlessly simple approach of using the 5-tuples to look for matches. I simply exchange the SRCIP <-> DSTIP and SRCPORT <-> DSTPORT and look for a match in the recently seen flows.

So far I've been able to match about 90% of my TCP and UDP flows. Also, I'm currently *not* doing anything to match up ICMP with TCP or UDP. That's the next step.

I'll send out my script when I'm done with it.

Paul
--
Paul Dokas [EMAIL PROTECTED]
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
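
The 5-tuple swap described in the reply above, as an added Python example (it is not Paul Dokas's Perl script and not part of the original message). The `Flow` record, the 60-second `window` for "recently seen" flows, and the sample flows are assumptions constructed for illustration.

```python
from collections import namedtuple, defaultdict, deque

Flow = namedtuple("Flow", "start srcip dstip srcport dstport proto")  # hypothetical record
TCP, UDP = 6, 17

def reverse_key(f):
    """5-tuple of the flow expected in the opposite direction."""
    return (f.dstip, f.srcip, f.dstport, f.srcport, f.proto)

def pair_flows(flows, window=60):
    """Pair each flow with its reverse; flows must be sorted by start time.

    window (assumed value) is how many seconds an unmatched flow stays
    eligible in the "recently seen" table. Returns (pairs, unmatched)."""
    pending = defaultdict(deque)  # 5-tuple -> unmatched flows, oldest first
    pairs, unmatched = [], []
    for f in flows:
        if f.proto not in (TCP, UDP):  # ICMP is not paired, as in the post
            unmatched.append(f)
            continue
        candidates = pending.get(reverse_key(f))
        # Lazily expire reverse-direction candidates older than the window.
        while candidates and f.start - candidates[0].start > window:
            unmatched.append(candidates.popleft())
        if candidates:
            pairs.append((candidates.popleft(), f))
        else:
            pending[tuple(f[1:])].append(f)  # key on the flow's own 5-tuple
    for queue in pending.values():  # whatever never found a partner
        unmatched.extend(queue)
    return pairs, unmatched

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE = [
    Flow(0, "10.0.0.5", "192.0.2.10", 40000, 80, TCP),
    Flow(1, "192.0.2.10", "10.0.0.5", 80, 40000, TCP),    # reverse of the first
    Flow(2, "10.0.0.5", "192.0.2.53", 5353, 53, UDP),
    Flow(3, "10.0.0.5", "192.0.2.10", 0, 2048, 1),        # ICMP, skipped
    Flow(200, "192.0.2.53", "10.0.0.5", 53, 5353, UDP),   # reverse, but too late
    Flow(201, "10.0.0.7", "192.0.2.10", 40001, 80, TCP),  # no return flow
]

if __name__ == "__main__":
    pairs, unmatched = pair_flows(SAMPLE)
    print(len(pairs), "pair(s),", len(unmatched), "unmatched flow(s)")
```
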
