Kiss Gabor (Bitman) wrote:
> I mean what command line syntax do you suggest. :-)
I think that a command line like this:
$ nfdump -r nfcapd.200710110000 -o "fmt:%sa -> %da %byt %itype" "proto ICMP"
should produce this output:
Src IP Addr        Dst IP Addr     Bytes  ICMP type
134.76.81.91    -> 195.160.252.1      46  8.0
134.76.20.254   -> 169.254.53.60      56  3.13
134.76.247.241  -> 83.133.112.3       84  8.0
134.76.63.129   -> 83.205.18.34       85  3.3
139.174.9.4     -> 84.134.104.253     84  0.0
139.174.195.227 -> 202.102.57.49      65  8.0
while this:
$ nfdump -r nfcapd.200710110000 -o "fmt:%sap -> %dap %byt" "proto ICMP"
should give:
Src IP Addr:Port     Dst IP Addr:Port  Bytes
134.76.81.91:0    -> 195.160.252.1:0      46
134.76.20.254:0   -> 169.254.53.60:0      56
134.76.247.241:0  -> 83.133.112.3:0       84
134.76.63.129:0   -> 83.205.18.34:0       85
139.174.9.4:0     -> 84.134.104.253:0     84
139.174.195.227:0 -> 202.102.57.49:0      65
_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss