From: Eduardo Morras
To: freebsd-questions@freebsd.org
Date: Mon, 28 Apr 2008 12:41:41 +0200
Subject: Converting from tcpdump to netflow
Message-Id: <20080428102759.BFA221A406E@s21sec.com>

Hello everybody:

I'm capturing packets from our network using tcpdump. Only 96 bytes for each packet. Now the sysmaster says that he wants to analyze the network with netflow graphics. Is there any app that can convert from tcpdump/pcap to netflow? We have no router with netflow capabilities.

Should I restart the packet capture with fprobe or a similar app? Can fprobe and tcpdump work in parallel?

Thanks In Advance

------------------------------------------------
Useful Acronyms : UPnP = Universal Plug and Pray