[GTER] netflow - headers
Artur Renato Araujo da Silva
artur at css.com.br
Wed Feb 4 11:46:13 -02 2009
See if this helps..
#:unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcaddr,dstaddr,nexthop,input,output,srcport,dstport,prot,tos,tcp_flags,src_mask,dst_mask,src_as,dst_as
Artur
On Wed, Feb 4, 2009 at 10:34 AM, Julio Arruda <jarruda-gter at jarruda.com> wrote:
> Alexandre J. Correa - Onda Internet wrote:
>
>> Dear all,
>>
>> running the command
>>
>>
> Netflow v5 is not a standard, v9 is based on IPFIX (vice versa :-).
> Search for netflow v5 record format on Google and you will find several links.
> I have several PPTs on the subject; if you can't find it, I can send them to you in private.
>
> PS: Depending on the device, there are certain odd things; it should not
> affect you.
>
>
>
> flow-cat ft-v05.2001-05-01.xxxxxxxxxxxxxxxxxx | flow-export -f 2 | grep -v
>> \# | ./flow-asn.pl
>>
>> it returns the flow content already updated with the ASes ...
>> correctly...
>>
>> 1233726600,483724374,1967359884,189.84.0.1,7,384,1967324036,1967344676,0,0,41.215.176.209,189.84.0.3,189.84.0.3,3,1,52843,46542,6,0,2,0,24,36959,28362
>>
>> 1233726600,483724374,1967359884,189.84.0.1,2,294,1967330272,1967344488,0,0,189.84.1.102,119.113.139.122,189.112.98.54,1,3,54058,19074,17,0,16,24,0,28362,4837
>>
>> 1233726600,483724374,1967359884,189.84.0.1,6,812,1967330748,1967344640,0,0,189.84.1.102,189.74.142.164,189.112.98.54,1,3,13873,3144,6,0,26,24,0,28362,8167
>>
>> 1233726600,483724374,1967359884,189.84.0.1,9,901,1967327668,1967343188,0,0,193.39.71.2,189.84.1.102,189.84.0.2,3,1,2918,13873,6,0,26,0,24,41796,28362
>>
>> 1233726600,483724374,1967359884,189.84.0.1,4,168,1967333108,1967343168,0,0,189.84.1.119,85.58.70.45,189.112.98.54,1,3,13257,59008,17,0,16,24,0,28362,12479
>>
>>
>> can anyone tell me the name of each field ?? I found the RFC but the
>> number of fields does not match ....
>>
>>
>> thank you !!!
>> --
>> gter list https://eng.registro.br/mailman/listinfo/gter
>>
>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>