about netflow v5 format

abates / pcap2flow

Program to read a pcap file and export the flows as cflow/netflow records

Apache License 2.0

9 stars 3 forks source link

about netflow v5 format #1

Closed hellovigoss closed 10 years ago

hellovigoss commented 10 years ago

hi, I fork your "pcap2flow" just now. I have some questions.

when I got the netflow data, how can I verify it ? If there is any software for me to choose
In my opinion , netflow V5 data is just output the binary as v5 header and v5 records,right?

thanks very much

abates commented 10 years ago

This tool will export netflow to the network, so you'll need something like nfcapd running somewhere to capture the flow records. You are correct that netflow v5 is just a header plus some number of flow records (this is per-packet). A given netflow export could have several flow records in it.

You can find more information here:

http://www.cisco.com/en/US/docs/net_mgmt/netflow_collection_engine/3.6/user/guide/format.html

Andrew