Hey everybody, I noticed that pcap is referred to in the flow-import man page, and I saw on the web that you use "-f 1" to access it, but the format number doesn't seem to be documented in the flow-import man page. Is that a bug or is it so dangerous that they don't want to document it except for saying it's a hack?
I'm asking because I'm going to be setting up some machines that receive a raw stream from an optical tap and I may want to transform it into netflow. I've used fprobe but I was wondering if I could use flow-tools by itself for the same purpose. I'm a bit dubious because I don't see an immediate way (without fprobe) to get the 15 minute segmentation; I could `tcpdump | flow-import -f 1`, which would give me flow-tools data, but I need some kind of "slicer" that makes the 15 minute files. I don't think doing something nasty with cron is the solution...any suggestions?

Thanks,
Mike
