> > I mean what command line syntax do you suggest. :-) > > I think that a command line like this: > $nfdump -r nfcapd.200710110000 -o "fmt:%sa -> %da %byt %itype" "proto ICMP"
Ok, but what if no "proto icmp" filter applied. Please show a command line and sample output with mixed TCP, UDP and ICMP flows. Gabor ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
