> > What is your suggestion?
> > What to write instead of this command?
> >
> > nfdump <other_options> \
> > -o "fmt:%ts %td %pr %sap -> %dap %flg %tos %pkt %byt %fl" \
> > src host 192.168.63.12
>
> I suggest that:
> - For all traffic that doesn't have ports (e.g. ICMP) the "port" field
> should be set to zero. "proto AH" and "proto GRE" are already
> implemented that way. When you make a SRC-/DST-Port analysis all ICMP

I mean what command line syntax do you suggest. :-)

Gabor

_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
