I'd encourage you to look at flow-report in 0.68. It should be as easy
to use as flow-stat on the command line now.
flow-stat or flow-report can aggregate on IP port numbers. Usually a
filter would also be used to break on TCP, UDP, ICMP, and Other since
the ports may have different meanings, and probably don't mean much in
the "other" category.
# 0.68 example:
# top 10 TCP source port sorted by octets.
% flow-cat <data> | flow-nfilter -FTCP | flow-report -vTYPE=ip-source-port
--
mark
On May 19, 2005, at 5:38 AM, Sébastien Hugues wrote:
Hi,
I'd like to get protocol aggregation from NetFlow data. So I use
flow-stat -f12. It works well. One more thing I'd like to have is
protocol number resolution, for instance replace 17 by udp. So I use
the -n option. It works well.
But flow-stat is only able to resolve layer 4 protocols (tcp, udp,
icmp…). I'd like flow-stat to resolve also application-layer protocols
like http, ftp… How can I do it?
Any help is kindly welcome.
Best regards
Seb
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
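Added example (not part of the original thread, and not flow-tools code): a Python sketch of the approach described in the reply, splitting flows into TCP, UDP, ICMP and other before aggregating octets on source port, then naming ports only where a port is meaningful. The flow records, the SERVICES table and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flows: (ip_protocol, source_port, destination_port, octets).
FLOWS = [
    (6, 80, 51514, 48000),
    (6, 80, 40222, 12000),
    (6, 21, 40100, 900),
    (6, 51514, 80, 1500),
    (17, 53, 33000, 300),
    (17, 53, 33001, 260),
    (1, 0, 2048, 84),    # ICMP: the port fields are not service ports
    (47, 0, 0, 5000),    # GRE: no ports at all, lands in "other"
]

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Small constructed subset of a services table, keyed by (protocol, port).
SERVICES = {("tcp", 21): "ftp", ("tcp", 80): "http",
            ("tcp", 53): "domain", ("udp", 53): "domain"}

def top_source_ports(flows, proto, limit=10):
    """Sum octets per source port for one protocol class, largest first."""
    totals = defaultdict(int)
    for ip_proto, sport, _dport, octets in flows:
        if PROTO_NAMES.get(ip_proto, "other") == proto:
            totals[sport] += octets
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:limit]

def resolve(proto, port):
    """Name a port only for TCP/UDP; anything else stays numeric."""
    if proto not in ("tcp", "udp"):
        return str(port)
    return SERVICES.get((proto, port), str(port))

def report(flows, proto, limit=10):
    """Top source ports for one protocol class as (label, octets) pairs."""
    return [(resolve(proto, port), octets)
            for port, octets in top_source_ports(flows, proto, limit)]

if __name__ == "__main__":
    for proto in ("tcp", "udp", "icmp", "other"):
        print(proto, report(FLOWS, proto))
```

A label produced this way reflects the registered port number only; it does not confirm which application actually generated the traffic.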