Hi Tony,
The -E format still works - also with snapshot 20081221:
./nfcapd -E
Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
File Block Header:
NumBlocks = 0
Size = 0
id = 2
Flow Record:
Flags = 0x00
size = 44
first = 1235036708 [2009-02-19 10:45:08]
last = 1235036727 [2009-02-19 10:45:27]
msec_first = 160
msec_last = 253
src addr = x.x.x.x
dst addr = z.z.z.z
src port = 55115
dst port = 443
fwd status = 0
tcp flags = 0x1b .AP.SF
proto = 6
(src)tos = 0
(in)packets = 26
(in)bytes = 12784
There is still some Debug output at the beginning, but all the records are
printed.
- Peter
Tony Gray wrote:
> Hi,
> Has the output format for nfcapd -E changed between nfdump-1.5.7 and the
> current snapshot 1.5.7-20081221?
>
> The output I am getting from the snapshot version looks like:
>
> Add extension: 2 byte input/output interface index
> Add extension: 4 byte input/output interface index
> Add extension: 2 byte src/dst AS number
> Add extension: 4 byte src/dst AS number
> File Block Header:
> NumBlocks = 0
> Size = 0
> id = 2
> File Block Header:
> NumBlocks = 1
> Size = 14
> id = 2
>
> Whereas with the stable version I was getting:
> Flow Record:
> Flags = 0x00000000
> size = 52
> mark = 0
> srcaddr = X.X.X.X
> dstaddr = X.X.X.X
> first = 1234522029 [2009-02-13 10:47:09]
> last = 1234522029 [2009-02-13 10:47:09]
> msec_first = 246
> msec_last = 943
> dir = 1
> tcp_flags = 0x10 .A....
> prot = 6
> tos = 0
> input = 26
> output = 42
> srcas = 0
> dstas = 0
> srcport = 34984
> dstport = 80
> dPkts = 2
> dOctets = 80
>
> Thanks,
> Tony
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss