Re: [Nfsen-discuss] A Better way to nfreplay flows?

Sun, 02 Mar 2008 23:59:01 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- --On February 29, 2008 15:32:42 -0500 Chad Kotil <[EMAIL PROTECTED]> wrote:

| Hi,
| Im looking for a better way to 'replay' my flows for nfsen capture.
|
| Currently I have all my flows on an external array and I am reading in
| the flows w/ nfdump and then piping the flows to nfreplay which fans
| out to my localhost so nfsen can capture and parse the flows.
|
| Here is my command..
| nfdump -M /flow/array1/netflow/atla:chic:denv:hous:losa:newy:seat:wash
| -R . -w - | nfreplay &
|
| My question: Is there a better way for nfsen to read in nfcapd flows
| that are already written to disk?

nfreplay usually only reads flows from a single file. It's function was a
kind of replaced by the fact, that nfcapd itself can forward packets it receives
to another host/port i.e. another collector. This works in a constant mode, 
whereas
your version sends all flows from all directories to another host, and 
terminates
afterwards, even if new files come in. So what exactly do you want to do?
Use the right tool for the right task.

    - Peter

|
| Thanks,
|
| Chad E. Kotil
| Global Research NOC
|
|
|
|
|
| -------------------------------------------------------------------------
| This SF.net email is sponsored by: Microsoft
| Defy all challenges. Microsoft(R) Visual Studio 2008.
| http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
| _______________________________________________
| Nfsen-discuss mailing list
| [email protected]
| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss



- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iQCVAwUBR8uvvP5AbZRALNr/AQLqbAQAjxTehIEp7h/R2FkLybHfHj+w47dh1mWw
nOwVHfaDcJYBOP63OQJBormvm7SbVKxwUkqzFRhNSXyH8FxVzs3ej8MqgZm99++m
YWTQnAHPb+Vz6VSomoUdrJw1SuyCFy1XkxVpvPntSg1Rsj6a19JylV/UeDYt0Fmr
yVEnT9siM1A=
=1e4l
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Reply via email to