Thank you all.
We are using cumry.com at the moment to get AS numbers through some other
web access logs.
I thought that there was already something written to work in conjunction
with nfdump.
I guess will have to write something ourselves.
The idea I had was to go through the nfdump files, find the AS number where
0, replace it and rewrite back the file in nfdump format.
Will see what turns out.
thanks again,
Alban
On Wed, Apr 16, 2008 at 6:44 AM, Adrian Popa <[EMAIL PROTECTED]>
wrote:
> Or you can do it yourself:
>
> [EMAIL PROTECTED]:~$ whois -h whois.radb.net 92.80.0.0/24 | grep 'origin:' |
> head -1 | awk '{print $2; }' | sed -s 's/AS//g'
> 9050
>
> You can write bash/perl/php/python wrappers that process your netflow
> output and convert ip classes to AS-es. Note that this is done by querying
> RADB (and it will be slow for large amounts of data).
>
>
> On Wed, Apr 16, 2008 at 11:49 AM, Lambert Hoogeveen <[EMAIL PROTECTED]>
> wrote:
>
> > Hi Alban,
> > There's a website
> > "http://asn.cymru.com/cgi-bin/whois.cgi";<http://asn.cymru.com/cgi-bin/whois.cgi>that
> > looks up AS numbers for given IP addresses.
> > Obviously this is just for one-off queries, but perhaps you can contact
> > them if they can provide the script or more advanced tools.
> > Hope this is of (some) help.
> >
> > Lambert
> >
> >
> > Alban Dani wrote:
> >
> > Peter, thank you.
> >
> > I figured that out after looking at the routing tables too.
> >
> > I am in a bit of a bind right now because many of the routers do not
> > have the capacity to get the full routing table
> > and on the other hand I really need these AS number.
> > Is there any tool (ie script) that would work in conjunction with nfdump
> > to get the AS number based on the ip addresses.
> > and then feed the data back in?
> >
> > thank you again,
> >
> > Alban
> >
> >
> > On Mon, Apr 14, 2008 at 3:23 AM, Peter Haag <[EMAIL PROTECTED]><[EMAIL
> > PROTECTED]>wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > >
> > > - --On April 10, 2008 18:44:26 -0400 Alban Dani <[EMAIL PROTECTED]>
> > > wrote:
> > >
> > > | I have a router that connects to two ISP providers and am interested
> > > only in
> > > | the traffic going out to them
> > > |
> > > | I configured "ip flow egress" on the two physical interfaces
> > > connected to
> > > | them.
> > > | No flow related config in any other interface.
> > > |
> > > | otherwise the rest of the config is:
> > > |
> > > | mls netflow interface
> > > | mls flow ip interface-full
> > > | no mls flow ipv6
> > > | mls nde sender version 5
> > > | mls sampling packet-based 4096 16000
> > > |
> > > |
> > > | Nfsen is still reporting a lot of flows with Dst AS 0.
> > > |
> > > | This is a cisco ME-C6524GT-8S - Version 12.2(33)SXH1 and I have not
> > > found
> > > | any netflow related bug for it ( so far ).
> > >
> > > AS 0 is a question wether you have full routing and BGP information
> > > at all in the router. Apart from that, there are some IOS
> > > version having problems with AS 0 but not sure which versions ..
> > >
> > > - Peter
> > >
> > > |
> > > | thank you,
> > > |
> > > | Alban
> > >
> > >
> > >
> > > - --
> > > _______ SWITCH - The Swiss Education and Research Network ______
> > > Peter Haag, Security Engineer, Member of SWITCH CERT
> > > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> > > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> > > E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.3 (Darwin)
> > >
> > > iQCVAwUBSAMGY/5AbZRALNr/AQLirwP/WWqUVTVQqDRenRC+axyHjpJzM2sBC+q0
> > > lLbWKGHY0Wi69aStabJv+MgVnhpHhEJHvZF58FLscsb+2wJrslXVg/4jQgkFW8S0
> > > gbjWNCKrSrOZ/TyK2qb/2vWwsVT8v/9sfzcOzo9AQVDlKMAZZpOIzwdNP1mEPSLK
> > > lFKmRFMf9w0=
> > > =QNGP
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > ------------------------------
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > Don't miss this year's exciting event. There's still time to save $100.
> > Use priority code J8TL2D2.
> > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> >
> > ------------------------------
> >
> > _______________________________________________
> > Nfsen-discuss mailing [EMAIL
> > PROTECTED]://lists.sourceforge.net/lists/listinfo/nfsen-discuss
> >
> >
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > Don't miss this year's exciting event. There's still time to save $100.
> > Use priority code J8TL2D2.
> >
> > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > _______________________________________________
> > Nfsen-discuss mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
> >
> >
>
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
