On Wed, Oct 27, 2010 at 09:10:46AM -0400, Drew Weaver wrote:
> Is there any work being done (or am I missing work that has already
> been done) to allow Flow-Tools to work with IPv6?
I think flow-tools is at the end of the line, feature-wise.
The simplest upgrade path seems to be switching to nfdump/nfsen -
nfdump fully supports IPv6 and its architecture is close enough to
flow-tools (i.e. a capture daemon and command-line tools to process
the data) that the conversion is straightforward.
nfdump is much easier to use than the flow-cat, flow-filter, flow-print,
flow-stat and flow-report suite - it basically does the job of all of
those programs, and uses BPF syntax for filters so you can specify your
filter on the command line a la tcpdump.
nfcapd (the nfdump capture daemon) is also easier to use - it starts
up immediately (expiration of data is done by a separate program)
and has built in repeater capability (no need for a separate process
as in flow-tools).
The one major bug I've found so far is that nfdump mishandles time
zone shifts. I'm testing a patch for that now.
The other issue with nfdump is that there is only one primary developer
and not a lot of activity on its mailing list - reminds me too much
of the flow-tools community when I first started using it. :-)
-- Ed
_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
