[Flow-tools] Newbie asking for help

[Joe Loiacono]

You might try nprobe from the NTOP group: http://www.ntop.org/nProbe.html 
Web site indicates that universities can get it for no cost.

fprobe is another option. http://sourceforge.net/projects/fprobe  GPL 
license without a fee, I believe.

These convert captured IP packets into netflow data and export that to 
your collector (e.g., flow-tools)

Joe




"Dainin Touch" <dainintouch at googlemail.com> 
Sent by: flow-tools-bounces at list.splintered.net
01/04/2008 08:50 AM

To
flow-tools at list.splintered.net
cc

Subject
[Flow-tools] Newbie asking for help






Hello all,

I would like to use the traffic generator Harpoon
(http://pages.cs.wisc.edu/~jsommers/harpoon/) to generate
synthetic traffic in order to conduct experiments for my 
research project. Since I don't have any netflow records
available, I plan to use Harpoon to replay the packet traces
available at the Dartmouth archive (http://crawdad.cs.dartmouth.edu/ ).

The problem is that most of these traces are stored as packet header
traces (tcpdump) and Harpoon can only use either Netflow version 5
wire format or flow-tools format.

My questions are:
1. Are there tools available to convert tcpdump traces into flow-tools 
format? 
2. If no such tools are available, I could try to write one. But can 
someone
give me a hint how the flow-tools format look like? Harpoon appears to
be able to work with flow-cat's output but I couldn't find any information 

on the Internet how flow-cat's format look like.

I am sorry if my questions are obvious. I am new to flow-tools.

Much thanks in advance,
Dainin



_______________________________________________
Flow-tools mailing list
flow-tools at splintered.net
http://mailman.splintered.net/mailman/listinfo/flow-tools
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.splintered.net/pipermail/flow-tools/attachments/20080104/fbb7d7a2/attachment.htm