Hi Sam,

On 14/8/12 12:36 PM, Sam Crawford wrote:
> Morning all,
> 
> I'm successfully capturing the "direction" extension attribute from v9
> flows, and I'm keen to use this to accurately infer traffic direction.
> 
> Does anyone know if nfdump with the "-b" or "-B" argument takes into
> account the direction field? Or alternatively, is there a way to
> instruct the "-A" argument to use the direction as a part of the key
> too?

-b and -B do not take this field into account. The match is done via the
5-tuple: protocol, srcip, srcport, dstip, dstport.

-A does not understand direction; however, it could be implemented easily.

The direction extension was not widely used so far. As far as I understand
your question, you want to have -b using this field if present. The only
impact would be that IP src and dst would be swapped, as you can point out
the direction. Or am I missing something?

Regards

        - Peter

> 
> I can understand why we wouldn't want to do this by default, but it
> would be nice to have an option to trust the direction field if we
> know it is always going to be present.
> 
> Thanks,
> 
> Sam
> 
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)
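
The reply above describes two behaviours: pairing flows on the 5-tuple alone, and letting a trusted direction field decide which endpoint is reported as source. The sketch below is an added example and is not nfdump code. It assumes direction uses the NetFlow v9 values (0 = ingress, 1 = egress) and that the ingress record is the forward half; the `trust_direction` option, the "first record seen" default and the sample flows are constructed for illustration.

```python
from collections import namedtuple

INGRESS, EGRESS = 0, 1  # NetFlow v9 DIRECTION field values

# direction is None when the exporter did not send the field.
Flow = namedtuple("Flow", "proto srcip srcport dstip dstport packets bytes direction")

# Constructed sample: the server's reply happens to be exported first.
SAMPLE = [
    Flow(6, "198.51.100.5", 443, "192.0.2.10", 51000, 40, 48000, EGRESS),
    Flow(6, "192.0.2.10", 51000, "198.51.100.5", 443, 20, 1200, INGRESS),
    Flow(17, "192.0.2.10", 40000, "203.0.113.53", 53, 1, 70, None),
    Flow(17, "203.0.113.53", 53, "192.0.2.10", 40000, 1, 130, None),
]

def biflow_key(f):
    """Order-independent 5-tuple: both halves of a conversation share one key."""
    a, b = (f.srcip, f.srcport), (f.dstip, f.dstport)
    return (f.proto,) + (a + b if a <= b else b + a)

def merge_bidirectional(flows, trust_direction=False):
    """Merge unidirectional records into one bidirectional record per 5-tuple."""
    groups = {}
    for f in flows:
        groups.setdefault(biflow_key(f), []).append(f)
    merged = []
    for recs in groups.values():
        fwd = recs[0]  # assumed default: first record seen sets src/dst
        if trust_direction:
            # Hypothetical option: an ingress record, if any, sets src/dst.
            # Flows without the field keep the default orientation.
            fwd = next((r for r in recs if r.direction == INGRESS), fwd)
        src = (fwd.srcip, fwd.srcport)
        same = [r for r in recs if (r.srcip, r.srcport) == src]
        back = [r for r in recs if (r.srcip, r.srcport) != src]
        merged.append({
            "proto": fwd.proto, "src": src, "dst": (fwd.dstip, fwd.dstport),
            "out_pkts": sum(r.packets for r in same),
            "out_bytes": sum(r.bytes for r in same),
            "in_pkts": sum(r.packets for r in back),
            "in_bytes": sum(r.bytes for r in back),
        })
    return merged

if __name__ == "__main__":
    for trust in (False, True):
        print("trust_direction =", trust)
        for rec in merge_bidirectional(SAMPLE, trust):
            print("  ", rec)
```

With the sample data the TCP conversation is reported with the server as source by default and with the client as source once direction is trusted; only the endpoints and the in/out counters swap, and the match itself is unchanged.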
