On Wed, Jul 28, 2004 at 10:43:11PM +, [EMAIL PROTECTED] wrote:
> I cannot seem to find documentation on the actual byte format of the
> binary flow files generated. In ftlib.h I could see the V5 data struct,
> however the file generated (1000 records) consists of 64048 bytes not
> 64000 as migh
I know the spoofing code works on FreeBSD 4.x. I'm not sure about
other systems, there isn't a 100% portable way to write something like
this.
flow-receive will store the IP address of the exporter in each flow.
If -s is used with a localip of 0, then the IP address in the flow is
used.
flo
FIRST and LAST.
From flow-export.1
FIRST 0x0080LL
LAST0x0100LL
These are relative to the sysUpTime (which is not the same as the SNMP
sysUpTime) of the router which you can get with
SYSUPTIME 0x0004LL
FYI I'm not sure if flow-print
This is what I'm using. This mostly works with 0.67. Summary-detail
had to change for 0.68 to support this script. Also attached is
flow-rpt2rrd which will take flow-report output and create rrd's, and
flow-log2rrd which parses the output of flow-fanout to graph drops,
packets, and flows. A
Unfortunately I haven't had a chance to release 0.68 yet where this
works. I have to play network engineer for another few months before
getting back to flow-tools development.
In 0.67 the variable substitution only works for files, in 0.68 it is
more generic and works everywhere including in
Hello, I am working with flow files generated by flow-gen
I am using version 5 (-V5)
I cannot seem to find documentation on the actual byte format of the
binary flow files generated. In ftlib.h I could see the V5 data struct,
however the file generated (1000 records) consists of 64048 bytes not
Hi,
I am running Solaris and flow-tools 0.67.
Has anybody an idea how variable expansion
via the flow-report -v option works?
There is nothing in the docs. The source says
@VAR. in the report file.
But in any case I get errors.
For example:
> the report config:
>
> [...]
stat-report traffic-per-add
