Replying to Glenn Hochberg:
> Fair question (as to how they got stored in the files), but I don't know
> the answer. There are collectors somewhere in another organization that
> store what appears to be the raw PDUs in v5 format (i.e. binary).
> It appears to start with the Netflow V5 header, etc.
>
> In that case is there a way to transform it to the flow-tools format?
> Where is the flow-tools format described, for that matter, if you know (or
> if anyone else on the list does)?
Short answer: yes, it is possible.
Slightly longer: yes, it is possible with the following python program:
    import flowtools

    output = flowtools.FlowSet('blablabla', True)   # output file; replace 'blablabla' with a real path
    for host, buf in (some host/pdu source):        # buf must hold exactly one raw v5 PDU
        pdu = flowtools.FlowPDU(host, buf)
        output.write(pdu)
assuming that your host is always the same, you can do
    import socket, struct
    host = struct.unpack("!I", socket.inet_aton('127.0.0.1'))[0]
How to deal with the PDU source itself depends on whether you have the length
of each PDU in your stream or not. On every iteration buf should
contain exactly one PDU.
You can get pyflowtools source from http://pyflowtools.googlecode.com/
and updated flow-tools from http://flow-tools.googlecode.com
--
Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key
This message represents the official view of the voices in my head
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
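Framing the PDU source, as an added example that is not part of the post above nor of pyflowtools: when the collector stored the raw v5 PDUs back to back with no length prefix, the length of each one can still be recovered from the PDU itself, because the 24-byte NetFlow v5 header carries the record count (offset 2) and every v5 record is 48 bytes, at most 30 per PDU. The code below walks such a buffer, checks the version and count fields so that a corrupt or truncated stream is reported instead of producing garbage PDUs, and yields one buf per PDU, which is exactly what the post then hands to flowtools.FlowPDU(host, buf). The sample stream is constructed inline (all-zero records) and flowtools itself is not imported, so it runs offline.

```python
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes total).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_HEADER_LEN = V5_HEADER.size   # 24
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30


class PDUFramingError(ValueError):
    """The buffer does not look like back-to-back NetFlow v5 PDUs."""


def pdu_length(header):
    """Return the byte length of the v5 PDU that starts with `header`.

    Derived from the header's count field.  Anything that is not version 5,
    or whose count is outside 1..30, is rejected rather than resynchronised on.
    """
    if len(header) < V5_HEADER_LEN:
        raise PDUFramingError("short header: %d bytes" % len(header))
    version, count = struct.unpack("!HH", header[:4])
    if version != 5:
        raise PDUFramingError("unexpected NetFlow version %d" % version)
    if not 1 <= count <= V5_MAX_RECORDS:
        raise PDUFramingError("bad record count %d" % count)
    return V5_HEADER_LEN + count * V5_RECORD_LEN


def split_v5_pdus(stream):
    """Yield each raw v5 PDU from a bytes object holding them back to back.

    A trailing partial PDU (collector killed mid-write, truncated copy) raises
    PDUFramingError instead of being emitted as a short PDU.
    """
    offset = 0
    total = len(stream)
    while offset < total:
        length = pdu_length(stream[offset:offset + V5_HEADER_LEN])
        if offset + length > total:
            raise PDUFramingError("truncated PDU at offset %d" % offset)
        yield stream[offset:offset + length]
        offset += length


def looks_like_v5_stream(stream):
    """True if the whole buffer frames cleanly into v5 PDUs."""
    try:
        for _ in split_v5_pdus(stream):
            pass
    except PDUFramingError:
        return False
    return True


def build_v5_pdu(records, flow_sequence=0):
    """Build a syntactically valid v5 PDU from 48-byte records.

    Used here only to construct sample input; timestamps and engine fields are
    zero, which a real exporter would never send.
    """
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, flow_sequence, 0, 0, 0)
    return header + b"".join(records)


# Constructed sample stream: three PDUs carrying 1, 30 and 2 records.
SAMPLE_STREAM = b"".join(
    build_v5_pdu([b"\x00" * V5_RECORD_LEN] * n, seq)
    for seq, n in enumerate((1, 30, 2))
)


if __name__ == "__main__":
    for i, buf in enumerate(split_v5_pdus(SAMPLE_STREAM)):
        # buf is what the post feeds to flowtools.FlowPDU(host, buf)
        print("PDU %d: %d bytes" % (i, len(buf)))
```

If the stream does carry a length prefix per PDU, use that instead and keep the version/count check as a sanity test; the two must agree, and a mismatch is the first sign that the capture is not what the collector's owners think it is.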