Hi list,

I just released nfdump-1.5.6. It includes

- Fix odd CISCO behaviour for ICMP type/code in src port.
- Add fast LZO1X-1 compression option (-z) for output file.
- Add lists for port in syntax -> port in [ 135 137 445]
- Add lists for AS syntax -> as in [ 1024 1025 ]
- Bug fix in filter for syntax 'src as and dst as'

The odd CISCO behaviour is more empirical than verified, but there is no documentation about that at all. Even the CISCO guys could not point me to some valid docs. nfdump 1.5.6 now decodes ICMP as follows:

    dstport = ( ICMP_type * 256 ) + ICMP_code
or
    srcport = ( ICMP_code * 256 ) + ICMP_type

which was verified as true on the tested IOSes.

Compression:
The compression algorithm chosen is a trade-off between speed and efficiency. It's a bit less effective than gzip, but ultimately fast. As the compression ratio is about 50% on average but very fast, it is very well suited for nfdump. Existing files can be compressed using

    ../nfdump -j <file>

The file format is completely transparent.

- Peter

-- 
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
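
The two ICMP encodings described in the announcement, as an added Python example that is not nfdump's own code: it parses a constructed NetFlow v5 record and recovers ICMP type/code from either port field. The rule for choosing the source-port form (dstport is 0, srcport is not), the port normalisation and all function names are assumptions of this example.

```python
import struct

# NetFlow v5 flow record: 48 bytes, network byte order.
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
IPPROTO_ICMP = 1


def icmp_from_ports(srcport, dstport):
    """Return (icmp_type, icmp_code) from the port fields of an ICMP flow.

    Assumption of this example: the source-port form applies only when
    dstport is 0 and srcport is not. The announcement gives both formulas
    but not how to choose between them.
    """
    if dstport == 0 and srcport != 0:
        # srcport = (ICMP_code * 256) + ICMP_type
        return srcport & 0xFF, srcport >> 8
    # dstport = (ICMP_type * 256) + ICMP_code
    return dstport >> 8, dstport & 0xFF


def decode_v5_record(raw):
    """Parse one v5 record; for ICMP flows add type/code and normalise ports."""
    f = V5_RECORD.unpack(raw)
    flow = {"src": ".".join(map(str, f[0])), "dst": ".".join(map(str, f[1])),
            "srcport": f[9], "dstport": f[10], "proto": f[13]}
    if flow["proto"] == IPPROTO_ICMP:
        icmp_type, icmp_code = icmp_from_ports(f[9], f[10])
        flow.update(icmp_type=icmp_type, icmp_code=icmp_code)
        # This example's choice: store both forms as the dstport encoding so
        # a later filter on dstport matches either exporter behaviour.
        flow["srcport"], flow["dstport"] = 0, icmp_type * 256 + icmp_code
    return flow


def sample_record(srcport, dstport, proto=IPPROTO_ICMP):
    """Constructed v5 record (documentation addresses), not captured traffic."""
    return V5_RECORD.pack(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
                          bytes(4), 1, 2, 1, 84, 0, 0, srcport, dstport,
                          0, 0, proto, 0, 0, 0, 24, 24, 0)


if __name__ == "__main__":
    # Type 3 / code 13 in both encodings, an echo request, and a TCP flow.
    for sp, dp, proto in [(0, 781, 1), (3331, 0, 1), (8, 0, 1), (40000, 445, 6)]:
        print(decode_v5_record(sample_record(sp, dp, proto)))
```

An echo reply (type 0, code 0) leaves both port fields at zero under either formula, so it decodes to (0, 0) regardless of which form the exporter uses.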