On Wed, Jul 28, 2004 at 10:43:11PM +0000, [EMAIL PROTECTED] wrote:
> I cannot seem to find documentation on the actual byte format of the
> binary flow files generated. In ftlib.h I could see the V5 data struct,
> however the file generated (1000 records) consists of 64048 bytes not
> 64000 as might be expected if the structs were simply placed back to
> back, through extracting and looking at some data I am unable to identify
> the fields.

there is a difference between the on wire (like V5) structure and the ftlib
structure. in programs i've written, i've used the api defined in ftlib to
manipulate flow-* generated data. start with the prototypes, go from there.

if you're looking for the wire format, take a look at the code and URLs
contained in:

http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-netflow.c?rev=11410&view=markup

-- 
- bill fumerola / [EMAIL PROTECTED]
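
Added example, not part of the original thread and not flow-tools or ftlib code: a bounds-checked decoder for the on-wire NetFlow v5 export datagram (24-byte header followed by 48-byte records) that the reply distinguishes from the ftlib structure. The names `nf5_flow`, `nf5_parse` and `nf5_sample` are hypothetical, and the code does not read flow-tools files; use the ftlib API for those.

```c
#include <stddef.h>
#include <stdint.h>

#define NF5_HDR_LEN  24  /* on-wire v5 header size */
#define NF5_REC_LEN  48  /* on-wire v5 flow record size */
#define NF5_MAX_RECS 30  /* a v5 datagram carries 1..30 records */

struct nf5_flow {        /* hypothetical host-order view of a few fields */
    uint32_t srcaddr, dstaddr, packets, octets;
    uint16_t srcport, dstport;
    uint8_t  tcp_flags, prot;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode one datagram into out[0..max). Returns the record count, or -1 when
 * the version, the count field or the datagram length do not agree. */
int nf5_parse(const uint8_t *buf, size_t len, struct nf5_flow *out, int max)
{
    if (len < NF5_HDR_LEN || be16(buf) != 5)
        return -1;
    int count = be16(buf + 2);
    if (count == 0 || count > NF5_MAX_RECS || count > max ||
        len != NF5_HDR_LEN + (size_t)count * NF5_REC_LEN)
        return -1;       /* never trust count without checking it against len */
    for (int i = 0; i < count; i++) {
        const uint8_t *r = buf + NF5_HDR_LEN + (size_t)i * NF5_REC_LEN;
        out[i].srcaddr   = be32(r + 0);
        out[i].dstaddr   = be32(r + 4);
        out[i].packets   = be32(r + 16);   /* dPkts */
        out[i].octets    = be32(r + 20);   /* dOctets */
        out[i].srcport   = be16(r + 32);
        out[i].dstport   = be16(r + 34);
        out[i].tcp_flags = r[37];
        out[i].prot      = r[38];
    }
    return count;
}

/* Constructed sample: one datagram, one TCP flow 10.0.0.1:1025 -> 10.0.0.2:80 */
static const uint8_t nf5_sample[NF5_HDR_LEN + NF5_REC_LEN] = {
    [1] = 5, [3] = 1,                          /* version 5, count 1 */
    [24] = 10, [27] = 1, [28] = 10, [31] = 2,  /* srcaddr, dstaddr */
    [43] = 3, [46] = 0x01, [47] = 0x2c,        /* 3 packets, 300 octets */
    [56] = 0x04, [57] = 0x01, [59] = 80,       /* srcport 1025, dstport 80 */
    [61] = 0x12, [62] = 6,                     /* SYN|ACK, protocol TCP */
};
```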