dek443
commented
3 years ago We tested this decoder, and all looks good. We agree it has its purpose alongside the other flow decoders. Thank you for your continued support and contributions.
Closed amm3 closed 3 years ago
dek443
commented
3 years ago We tested this decoder, and all looks good. We agree it has its purpose alongside the other flow decoders. Thank you for your continued support and contributions.
I find it useful to sometimes just view all flows that have data transmitted. This weeds out port-scanning and other empty connections that clutter netflow output, particularly when triaging.