I mentioned this on misc@ a little while ago, but updated it since then. (eric@ reported a problem on unsigned-char arch's when he tested it before, my fix went upstream and into the newer version).
anyone like to comment/ok? does my handling of the license/copyright notice for sFlow look alright? (see /usr/local/share/doc/nfdump/COPYRIGHT) :: DESCR-main The nfdump tools collect and process netflow data (v5, v7 and v9) on the command line. They are part of the NfSen project. nfcapd - netflow capture daemon. Reads the netflow data from the network and stores the data into files. Automatically rotate files every n minutes. ( typically ever 5 min ) nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream. nfdump - netflow dump. Reads the netflow data from the files stored by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Displays netflow data and can create lots of top N statistics of flows IP addresses, ports etc ordered by whatever order you like. nfreplay - netflow replay. Reads the netflow data from the files stored by nfcapd and sends it over the network to another host. :: DESCR-nfprofile nfprofile is a netflow profiler, which works with the nfdump tools. It reads the netflow data from the files stored by nfcapd, filters the netflow data according to the specified filter sets (profiles) and stores the filtered data into files for later use.
nfdump.tgz
Description: application/tar-gz
