Greetings of Peace!!!
Cflowd files are stored in a different format (the cflowd format, of course). That's why, if you try to "more" one, what you'll see looks somewhat like executable code, which it is not. In my experience, I also tried using the different commands of arts++ such as artsdump, artsnet, artsmatrix, whatsoever. But they don't output the information pertaining to the source IP, dest IP, bytes, protocol, src port, dest port, etc. How do we analyze a cflowd format file?

Good thing there is a Perl module by Dave Plonka called the "Cflow" module. To get an idea of how it works, try to analyze his "Flowscan", which uses Cflow to extract information from a cflowd file. Although, if you're going to read the manpage for Cflow, it's easy to follow. Actually, I'm using that module for analyzing the cflowd files just like what Flowscan is doing. If you're interested in seeing my Perl script that uses Cflow to analyze a cflowd format file, don't hesitate to email me and I'll give it to you. Right now, I'm still testing my script for interfacing with a PostgreSQL database.

Regards,
Edwin
Quezon City, Philippines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTHERS THINK TEN MINUTES AHEAD;
FILIPINOS THINK TEN YEARS AHEAD.
Name: Edwin D. Viñas
Position: Science Research Specialist I
Company: Advanced Science and Technology Institute
(http://www.asti.dost.gov.ph)
Project: PREGINET (http://preginet.asti.dost.gov.ph)
Email: edwinv@asti.dost.gov.ph
Personal Website: http://www.geocities.com/edwin_vinas
Voice/Text: +63 2 916 375 05 52
Office: +63 2 435 10 71
Fax: +63 2 435 10 52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----- Original Message -----
From: "Dmitry Alyabyev" <dimitry@al.org.ua>
To: <cflowd@caida.org>
Sent: Thursday, December 13, 2001 4:21 PM
Subject: ports information
> Hello
>
> Can someone tell me how (by which program) can I get information
> about src, dst, src/dst ports, bytes for selected net from flow-file ?
> We're using arts++-1-1-a6 and when I run artsports it is impossible to
> get info for one selected net.
> How can I get over that ?
>
> Thanks,
> --
> Dimitry
>
>
> --
> cflowd mailing list
> cflowd@caida.org
-- cflowd mailing list cflowd@caida.org
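
An added example, not part of the original message and not Edwin's script: a short Perl program that uses the Cflow module mentioned above to list source/destination address, ports, protocol and bytes for flows touching one selected network. It assumes Cflow is installed and that raw cflowd flow files are given on the command line; the network 192.0.2.0/24 is a constructed placeholder.

```perl
#!/usr/bin/perl
# Added example: per-flow byte totals for one selected network,
# read from raw cflowd flow files with Dave Plonka's Cflow module.
use strict;
use warnings;
use Socket qw(inet_aton);
use Cflow qw(:flowvars find);

# Constructed sample network (documentation range); replace with your own.
my ($net, $len) = ('192.0.2.0', 24);
die "usage: $0 flowfile [flowfile ...]\n" unless @ARGV;

# Build the netmask and network address as 32-bit integers.
my $mask    = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
my $netaddr = unpack('N', inet_aton($net)) & $mask;

my %bytes_by_flow;

# Cflow::find calls this once per flow record; the :flowvars variables
# ($srcaddr, $srcip, $srcport, ...) describe the current flow.
sub wanted {
    # $srcaddr and $dstaddr hold the addresses as integers,
    # $srcip and $dstip hold them as dotted-quad strings.
    return 0 unless ($srcaddr & $mask) == $netaddr
                 || ($dstaddr & $mask) == $netaddr;
    my $key = join ' ', $srcip, $srcport, $dstip, $dstport, $protocol;
    $bytes_by_flow{$key} += $bytes;
    return 1;
}

find(\&wanted, @ARGV);

# Report the matching flows, largest byte count first.
printf "%-15s %5s  %-15s %5s %5s %12s\n", qw(src sport dst dport proto bytes);
for my $key (sort { $bytes_by_flow{$b} <=> $bytes_by_flow{$a} } keys %bytes_by_flow) {
    printf "%-15s %5d  %-15s %5d %5d %12d\n",
        split(' ', $key), $bytes_by_flow{$key};
}
```

Sorting by bytes puts the heaviest talkers for the selected network at the top, which is usually the first thing to look at when reviewing traffic for one subnet.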
This archive was generated by hypermail 2b29 : Thu Dec 13 2001 - 17:30:17 PST