On Thu, Jan 31, 2008 at 02:01:08PM -0500, Ed Ravin wrote:
> On Thu, Jan 31, 2008 at 10:30:37AM -0600, Andy Terrel wrote:
> > I am brand new to using flow-tools but have been pointed at flow-tools
> > by some people using it for security. And have just started using the
> > code (0.680 from the Debian package).
> >
> > The code I wanted to use on top of flow-tools is the UofC package
> > flow-extract ( http://security.uchicago.edu/tools/net-forensics/ )
> > linked to off the splintered.net page. The README in the code says it
> > needs some things from flow-tools 0.32.
>
> Don't believe everything you read in a README. Take a closer look at the
> directory after it's unpacked - all the files mentioned in the README
> as being needed from flow-tools 0.32 are thankfully already included.
>
> > Is there a better place to grab either the flow-tools 0.32 or even
> > better a version of flow-extract?
>
> flow-extract seems pretty old, and I'm not sure what the advantages of it
> are over flow-cat | flow-filter | flow-print. Well, OK, maybe the
> advantage is you don't have to use a pipeline.
Much better than that - automatic resolution of DNS names and port numbers
when dumping out flow files, and textual display of the TCP flags in the
flow. Definitely useful for reviewing flow data.

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
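The two conveniences credited to flow-extract above, textual TCP flags and port-to-name resolution, as an added example that is not code from flow-tools, flow-extract or anyone on the thread. It runs over constructed NetFlow-style records with a static port table standing in for /etc/services and DNS, and also tags flows whose only flag was SYN, which a reviewer would read as handshakes that never completed.

```python
# Added example, not code from flow-tools or flow-extract: text TCP flags and
# port-to-name resolution over constructed NetFlow-style records.
from collections import namedtuple

# NetFlow v5 stores one tcp_flags byte per flow: the OR of every packet's
# flags, so SYN|ACK means both appeared somewhere in the flow.
TCP_FLAG_BITS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))
# Static subset of /etc/services so the example runs offline (assumption:
# flow-extract consults the system tables and DNS instead).
SERVICES = {("tcp", 22): "ssh", ("tcp", 25): "smtp", ("tcp", 80): "http",
            ("tcp", 443): "https", ("udp", 53): "domain", ("udp", 123): "ntp"}
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

Flow = namedtuple("Flow", "src dst proto sport dport tcp_flags")

def flags_to_text(mask: int) -> str:
    """Render the cumulative flag byte as e.g. 'FIN|SYN|PSH|ACK'."""
    names = [name for bit, name in TCP_FLAG_BITS if mask & bit]
    return "|".join(names) if names else "-"

def service_name(proto: int, port: int) -> str:
    """Map a port to its service name, falling back to the number."""
    return SERVICES.get((PROTO_NAMES.get(proto, ""), port), str(port))

def is_unanswered_syn(flow: Flow) -> bool:
    """A TCP flow whose only flag was SYN never completed a handshake."""
    return flow.proto == 6 and (flow.tcp_flags & 0x3F) == 0x02

def parse_line(line: str) -> Flow:
    """Parse a constructed record: src dst proto sport dport flags(hex)."""
    f = line.split()
    return Flow(f[0], f[1], int(f[2]), int(f[3]), int(f[4]), int(f[5], 16))

def render(flow: Flow) -> str:
    """One review-friendly line with names and text flags instead of numbers."""
    proto = PROTO_NAMES.get(flow.proto, str(flow.proto))
    tag = " [unanswered SYN]" if is_unanswered_syn(flow) else ""
    return (f"{flow.src}:{service_name(flow.proto, flow.sport)} -> "
            f"{flow.dst}:{service_name(flow.proto, flow.dport)} "
            f"{proto} {flags_to_text(flow.tcp_flags)}{tag}")

# Constructed sample records, not real captures.
SAMPLE = ["192.0.2.10 198.51.100.5 6 51234 443 1b",
          "192.0.2.10 198.51.100.5 6 51235 22 02",
          "192.0.2.20 198.51.100.9 17 40001 53 00"]

if __name__ == "__main__":
    print("\n".join(render(parse_line(l)) for l in SAMPLE))
```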
