Hi,
Let's say we configure pmacct to aggregate on: src ip, src port, dst ip, dst
port, proto. That means that it will produce flow records aggregating on the
TCP quintuple.
Would it be possible to get the start timestamp (time of TCP SYN) of a TCP
connection? Similarly, would it be possible to get the duration of a connection
(possibly the timestamp of FIN)? Is any of these things possible through pmacct?
Thank you.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
