RE: [Flow-tools] aggregating flow information

2006-02-09 Thread McGlinchy, Alistair
Ulisses, I'm interested in capturing information from a netflow v5 flow, but I would like aggregate information based on nework prefixes or AS. Is this possible with flow-tools? If not, what tool do you suggest? I've tried with flow-export | flow-import but I could not achieve it that

Re: [Flow-tools] aggregating flow information]

2006-02-09 Thread ulisses
Hello Thanks so much for your script, I think I'm going to use it and if I improve it I will not have any problem in contributing to the public (I will send you/to tha mailing list the paches/modified version) Thanks! Ulisses On Thu, Feb 09, 2006 at 04:16:35PM -, McGlinchy,

Re: [Flow-tools] aggregating flow information

2006-02-09 Thread Delfim Machado
you can do it with flow-capture, perl and Cflow http://net.doit.wisc.edu/~plonka/Cflow/ On Feb 9, 2006, at 9:28 AM, ulisses wrote: Hello I'm interested in capturing information from a netflow v5 flow, but I would like aggregate information based on nework prefixes or AS. Is this possible

Re: [Flow-tools] aggregating flow information

2006-02-09 Thread Mike Hunter
Hola, On Feb 09, ulisses wrote: I'm interested in capturing information from a netflow v5 flow, but I would like aggregate information based on nework prefixes or AS. Is this possible with flow-tools? If not, what tool do you suggest? I've tried with flow-export | flow-import but I could

[Flow-tools] traffic anonymisation

2006-02-09 Thread Sebastian Krieger
Hi, I'm searching for a proper way to anonymise traffic by multiple criteria. Maybe this is possible in conjunction with filters based on ip-prefix and port. I already tried some things with flow-tools, but I didn't find the result I need. For example... src-addr src-port

[Flow-tools] netflows traffic anonymisation

2006-02-09 Thread Bill Yurcik
Sebastian: take a look at CANINE (a netflows converter and anonymizer) and let me know how it works for you, download site: http://security.ncsa.uiuc.edu/distribution/CanineDownLoad.html Cheers! - Bill Yurcik/NCSA On Thu, 9 Feb 2006, Sebastian Krieger wrote: Hi, I'm

[Flow-tools] flow-export / mysql problem

2006-02-09 Thread Roy
I've tried re-building v0.68 through the FreeBSD 6.0 ports tree with: ./configure --localstatedir=/usr/local --prefix=/usr/local i386-portbld- freebsd6.0 --with-mysql=/usr/local When I do: ./flow-export -d5 -f3 \ -mDPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT \ -u

Re: [Flow-tools] traffic anonymisation

2006-02-09 Thread James J. Barlow
On Thu, Feb 09, 2006 at 08:27:10PM +0100, Sebastian Krieger wrote: Hi, I'm searching for a proper way to anonymise traffic by multiple criteria. Maybe this is possible in conjunction with filters based on ip-prefix and port. I already tried some things with flow-tools, but I didn't find