No information about protocol in a dictionary

[AlexLov]

Information about which protocol is be used also needed!

>>>import pynfdump
>>>record=pynfdump.nfdump.search_file('/var/cache/flow/2009/07/01/nfcapd.200907010000')
>>> for r in records:
...     print r['prot']
...
None
None

[JustinAzoff]

Hi! I'm terribly sorry to have not gotten back to you about this, I must not have issue notification turned on or something.

The 'prot' field should be filled in. The way it works is nfdump returns the protocol number, and then I use /etc/protocols to convert it to the protocol name.

I just committed a change that will have it return the number if the name can't be looked up in /etc/protocols, but this won't really fix the issue you are having.

Either nfdump isn't returning the protocol field, or the /etc/protocols lookup is failing. I'm not sure which in your case, can you run the following:

$ nfdump -o pipe -r /var/cache/flow/2009/07/01/nfcapd.200907010000 | cut -d '|' -f 6

that should output the protocol number.

$ grep tcp /etc/protocols 

should output something like

tcp 6   TCP     # transmission control protocol