From: Vince
Date: Mon, 28 Apr 2008 19:41:55 +0100
To: Eduardo Morras
Cc: freebsd-questions@freebsd.org
Subject: Re: Converting from tcpdump to netflow

Eduardo Morras wrote:
> Hello everybody:
>
> I'm capturing packets from our network using tcpdump. Only 96 bytes
> for each packet. Now the sysmaster says that he wants to analyze the
> network with netflow graphics. Is there any app that can convert from
> tcpdump/pcap to netflow? We have no router with netflow capabilities.
> Should I restart the packet capture with fprobe or similar app? Can
> fprobe and tcpdump work in parallel?
>
net-mgmt/softflowd says it can read in pcap files and export netflow
from them (see http://www.mindrot.org/projects/softflowd/ )

Vince

> Thanks In Advance
>
> ------------------------------------------------
> Useful Acronyms : UPnP = Universal Plug and Pray
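
Added example, not part of the original thread and not softflowd's code: a simplified sketch of the pcap-to-flow aggregation discussed above, showing that a 96-byte capture still yields correct flow byte counts because the size comes from the IP header rather than the captured length. It assumes a classic little-endian pcap with Ethernet framing and IPv4; the sample capture and the helper `_record` are constructed for illustration.

```python
import struct
SNAPLEN = 96  # capture length used in the thread (96 bytes per packet)

def pcap_to_flows(data):
    """Aggregate a classic little-endian Ethernet pcap into unidirectional IPv4 flows."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    flows, off = {}, 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated below the IPv4 header, or not IPv4
        ihl = (pkt[14] & 0x0F) * 4
        total_len, frag = struct.unpack("!H2xH", pkt[16:22])
        proto = pkt[23]
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        sport = dport = 0
        # Ports exist only for TCP/UDP, in the first fragment, if captured.
        if proto in (6, 17) and not frag & 0x1FFF and len(pkt) >= 14 + ihl + 4:
            sport, dport = struct.unpack("!HH", pkt[14 + ihl:18 + ihl])
        ts = ts_sec + ts_usec / 1e6
        flow = flows.setdefault((src, dst, proto, sport, dport),
                                {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        flow["packets"] += 1
        flow["bytes"] += total_len  # on-the-wire size from the IP header, not incl_len
        flow["last"] = ts
    return flows

def _record(src, dst, sport, dport, payload_len, ts):
    """Constructed TCP/IPv4 frame, truncated to SNAPLEN as the capture would be."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    frame = bytes(12) + b"\x08\x00" + ip + tcp + bytes(payload_len)
    return struct.pack("<IIII", ts, 0, min(len(frame), SNAPLEN), len(frame)) + frame[:SNAPLEN]

A, B = (10, 0, 0, 1), (10, 0, 0, 2)  # constructed sample hosts
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, SNAPLEN, 1)
               + _record(A, B, 40000, 80, 1400, 100)
               + _record(B, A, 80, 40000, 500, 101)
               + _record(A, B, 40000, 80, 0, 105))

if __name__ == "__main__":
    for key, flow in pcap_to_flows(SAMPLE_PCAP).items():
        print(key, flow)
```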