Dear Peter,
You mean after version 1.6b-xxx, nfdump can dump the report of src/dst
prefix per mask bits, like the flow-tools does?
When will be the stable version of 1.6.x released? Any schedule?
Thank you so much for your reply!!
Eddie
________________________________
寄件人﹕ Peter Haag <peter.h...@switch.ch>
收件人 Chor Keung Li <ckat...@yahoo.com.hk>
副本(CC) nfdump-discuss@lists.sourceforge.net
傳送日期﹕ 2009 年 8月 4 日 星期二 下午 7:54:32
主題: Re: [Nfdump-discuss] Re: Re: Re: How can display IP prefix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chor Keung Li wrote:
> Dear Peter,
>
> Why nfdump does not store the mask bits? Which expoters sending netflow data
> will not strored by nfdump? Would nfdump store CISCO and Juniper routers mask
> bit informaiton?
Back in history, there was no need for mask bits - so they were not included.
>
> I'm planning to ugrade our CISCO and Juniper routers from netflow V5 to V9,
> does nfdump still store the mask bits in V9?
The latest 1.6b-xxx version stores mask bits.
- Peter
>
> Thanks again!!
>
> Eddie
>
>
> ________________________________
> 寄件人﹕ Peter Haag <peter.h...@switch.ch>
> 收件人 Chor Keung Li <ckat...@yahoo.com.hk>
> 副本(CC) nfdump-discuss@lists.sourceforge.net
> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 3:53:59
> 主題: Re: Re: [Nfdump-discuss] Re: How can display IP prefix
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Chor Keung Li wrote:
>> Dear Peter,
>>
>> Thanks for your reply! You mean the current version of nfdump does not store
>> the mask bits that the netflow protocol have? But how come I can display the
>> prefix report using the command
>> nfdump -r nfcapd.200907282355 -o "fmt:%sa %fl %byt %pkt" -a -A srcip4/22?
>> where I interested in the source IP with mask bit 22.
>
> You can manually apply any mask you like, but the netmask bits, which some
> exporters send in the netflow data are not
> stored. Therefore applying the mask automatically according the netbits does
> not work.
>
> - Peter
>> I'm now using nfdump 1.5.8 running in FC9.
>>
>> If the current version does not support the source/dest prefix or mask bits,
>> when will it support?
>>
>> Thanks for your kindly help!!
>>
>> Eddie
>>
>>
>>
>>
>> ________________________________
>> 寄件人﹕ Peter Haag <peter.h...@switch.ch>
>> 收件人 Chor Keung Li <ckat...@yahoo.com.hk>
>> 副本(CC) nfdump-discuss@lists.sourceforge.net
>> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 1:28:12
>> 主題: Re: [Nfdump-discuss] Re: How can display IP prefix
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>> Chor Keung Li wrote:
>>> Dear all,
>>>
>>> After reading document, I can create reports by prefix or bit-masks using
>>> the filter commands, for example, If looking at the src prefix with mask
>>> bit 22, the following comamnd line will work.
>>> nfdump -r nfcapd.200907282355 -o "fmt:%sa %fl %byt %pkt" -a -A srcip4/22
>>>
>>> In this case, however, I must input and specify the mask bit to nfdump to
>>> work out the report. Just want to know is nfdump capable to gernerate all
>>> the source/destination prefix reports without inputting the mask bits, like
>>> the source/destination prefix report in flow-tools? It is a bit
>>> inconvenience!
>>>
>>> Looking forward to your reply and thanks in advance!!!
>> The mask bits are not stored in current version of nfdump - so it does not
>> work yet.
>>
>> - Peter
>>
>>> Eddie
>>>
>>>
>>> ________________________________
>>> 寄件人﹕ Chor Keung Li <ckat...@yahoo.com.hk>
>>> 收件人 nfdump-discuss@lists.sourceforge.net
>>> 傳送日期﹕ 2009 年 7月 27 日 星期一 下午 4:46:47
>>> 主題: How can display IP prefix
>>>
>>>
>>> Hello all,
>>>
>>> I'm new to nfdump. How can I display the neflow information with source IP
>>> prefix and destination IP prefix by using nfdump. I can't see any
>>> predefined tags in the customer output format.
>>>
>>>
>>> eg. 192.168.0.10/24
>>>
>>>
>>> Regards,
>>>
>>> Eddie
>>>
>>>
>>> Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/
>>>了解更多!
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>>> trial. Simplify your report design, integration and deployment - and focus
>>> on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Nfdump-discuss mailing list
>>> Nfdump-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>> - --
>> _______ SWITCH - The Swiss Education and Research Network ______
>> Peter Haag, Security Engineer, Member of SWITCH CERT
>> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
>> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
>> E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.5 (Darwin)
>>
>> iQCVAwUBSnfG6/5AbZRALNr/AQI6KwQAmIsQnIcLDaPWidUH0b8dloqLxwxAS9Pu
>> 0J20zuPjoTRcuEvq84oO20C4ldRNNfV0MkVe1T2LGQFdhtFqdGPaA7mlGjwhwlCw
>> 4+sF0LMwCH2LnzOtubs84+l0M9a644qFq0Z3XgSykB9VAhKMJF7vM0U2M/CoDTAT
>> LyTNTAxrh8A=
>> =RDds
>> -----END PGP SIGNATURE-----
>>
>>
>>
>> Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iQCVAwUBSnfpFf5AbZRALNr/AQIpagP9Gn4SP186zJQNpg6z0cjhseiy5V6L5Eox
> nwfKAznfa2hiPxSM3zbYXO9nv428d4NPd/OswfMrxdhk5hhEwpcQM2ij5G5LYbVr
> eCuN4Kt4fJ6w2JLTjeskFoWMbJzRShsIiFNlHl+B8KsRvEVNR/fk2DAMxwoutzsG
> iofQSPk+LzY=
> =5vU4
> -----END PGP SIGNATURE-----
>
>
>
> Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!
>
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSnghdv5AbZRALNr/AQLrWwQAh62XBBDivDPGcs5sPNPQM8vndH3Bn96D
Bod3FtbSINbMttRrP+FoAl2xUbv3lqiDxaqQW4MJYq7tzQUR2H7jivpW+cjR70D1
sb8CZgOEaj9KYHFSxuWzTBESAOp1iGD7NLYayKgJwiNyuZxf73MjJdCGprMu+YGa
SpnLlbg6z3Y=
=9Z5y
-----END PGP SIGNATURE-----
Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多!------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
