On Thu, Jan 31, 2008 at 10:30:37AM -0600, Andy Terrel wrote:
> I am brand new to using flow-tools but have been pointed at flow-tools
> by some people using it for security, and have just started using the
> code (0.680 from the Debian package).
>
> The code I wanted to use on top of flow-tools is the UofC package
> flow-extract ( http://security.uchicago.edu/tools/net-forensics/ )
> linked to off the splintered.net page. The README in the code says it
> needs some things from flow-tools 0.32.
Don't believe everything you read in a README. Take a closer look at the
directory after it's unpacked - all the files mentioned in the README
as being needed from flow-tools 0.32 are thankfully already included.
> Is there a better place to grab either the flow-tools 0.32 or even
> better a version of flow-extract?
flow-extract seems pretty old, and I'm not sure what the advantages of it
are over flow-cat | flow-filter | flow-print. Well, OK, maybe the
advantage is you don't have to use a pipeline.
I was able to build flow-extract from the URL above against a recent
flow-tools as follows:

    make INCLUDES=-I/mumble/flow-tools-0.68.3-rc1/include \
         LIBS+=/mumble/flow-tools-0.68.3-rc1/lib/libft.a \
         LIBS+=-L/mumble/flow-tools-0.68.3-rc1/lib/ LIBS+=-lz

And you'll want to replace "mumble" with wherever the current flow-tools
are installed on your system, maybe /usr/local if you're lucky. There
should be no need to go to 0.32 or other old versions of flow-tools.
-- Ed