[Flow-tools] Printing raw netflow v5
Ed Ravin
eravin at panix.com
Wed Apr 30 11:25:36 EDT 2008
On Mon, Apr 28, 2008 at 09:06:30PM -0400, Glenn Hochberg wrote:
> On Apr 28, 2008, at 4:41 PM, jloiacon at csc.com wrote:
> > Curious how the netflow data got stored in those files originally?
> > I.e., what format are they in?
> Fair question (as to how they got stored in the files), but I don't
> know the answer. There are collectors somewhere in another
> organization that store what appears to be the raw PDUs in v5 format
> (i.e. binary).
If those packets were captured from the line, you might be able to
re-insert them with tcpreplay, or another program (maybe hping?) that
lets you stick raw data into packets. If you can play them back on
a network interface then you could capture them with flow-capture the
usual way.
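An added example, not part of the original message or of flow-tools: one way to do the playback described above when the stored data is a plain file rather than a packet capture. It assumes the file holds back-to-back raw v5 PDUs with no framing between them (the thread does not say how the collectors wrote them), and the host and port in `replay` are placeholders for wherever flow-capture is listening.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 export header
V5_RECORD_LEN = 48                       # fixed size of one v5 flow record
V5_MAX_RECORDS = 30                      # a v5 PDU carries 1..30 records


def split_v5_pdus(data):
    """Split a buffer of back-to-back raw v5 PDUs into one bytes object per PDU.

    Assumes no per-packet framing in the file (an assumption, see lead-in).
    Raises ValueError when the data does not look like NetFlow v5, rather
    than replaying garbage at a collector.
    """
    pdus, offset = [], 0
    while offset < len(data):
        if len(data) - offset < V5_HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        version, count = V5_HEADER.unpack_from(data, offset)[:2]
        if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
            raise ValueError(f"not a v5 PDU at offset {offset}: "
                             f"version={version} count={count}")
        end = offset + V5_HEADER.size + count * V5_RECORD_LEN
        if end > len(data):
            raise ValueError(f"truncated PDU at offset {offset}")
        pdus.append(data[offset:end])
        offset = end
    return pdus


def replay(pdus, host="127.0.0.1", port=9995):
    """Send each PDU as one UDP datagram; host and port are placeholders."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for pdu in pdus:
            sock.sendto(pdu, (host, port))
    return len(pdus)


def make_sample_pdu(count, seq):
    """Constructed test PDU: valid header, zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 1000, 1209396000, 0, seq, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)


if __name__ == "__main__":
    sample = make_sample_pdu(2, 0) + make_sample_pdu(30, 2)  # constructed input
    print([len(p) for p in split_v5_pdus(sample)])
```

Datagrams sent this way arrive with the replaying host as their source address, so the collector will attribute the flows to that host rather than to the original exporter.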