Re: [Cflowd] Protocol analysis by Network

From: Mark Fullmer (maf@eng.oar.net)
Date: Tue Jun 04 2002 - 04:40:43 PDT

Next message: Mike Hyde: "RE: [Cflowd] RE: flow from GSR12000"

Previous message: Hendrik Visage: "Re: [Cflowd] Raw Files and Rules"
In reply to: Darren Ward: "RE: [Cflowd] Protocol analysis by Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Or use flow-tools...http://www.splintered.net/sw/flow-tools

On Tue, Jun 04, 2002 at 04:27:56PM +1000, Darren Ward wrote:
> Paul,
>
> You run flowdump on the raw flow files not the arts ones which are created
> by cfdcollect from the raw flow files.
>
> Or as I'm about to try and do, write your own scripts to extract the raw
> flow info from the raw files and do what you want with it :)
>
> Darren
>
> -----Original Message-----
> From: Paul Matthews [mailto:matthewsp@powertel.com.au]
> Sent: Tuesday, 4 June 2002 4:01 PM
> To: 'cflowd@caida.org'
> Subject: [Cflowd] Protocol analysis by Network
>
>
> I have been using the netmatrix and the artsnets utility to give me a
> breakdown of traffic by particular source and destination networks ie
> artsnets -d 202.92.116.0/24 arts.20020530
> I'd like to get more granularity into this data and have a breakdown by
> Network and then by protocol - sepcifically I want to see how much is smtp.
> I have turned on the protocol configuration parameter - however the Protocol
> table seems to only contain this data - how do you correlate the 2 tables ?
>
> Do I have to run flowdump on the arts files instead of the arts utilities ?
>
> Thanks,
>
> Paul Matthews
> Network Management Systems
> PowerTel Limited
> matthewsp@powertel.com.au
>
>
>
>
> **********************************************************************
> PowerTel Limited, winners of
> Broadband Wholesale Carrier of the year, CommsWorld Telecomms Awards 2001
> Best Emerging Telco, Australian Telecom Awards 2001
>
> **********************************************************************
> This email (including all attachments) is intended solely for the named
> addressee. It is confidential and may contain commercially sensitive
> information. If you receive it in error, please let us know by reply email,
> delete it from your system and destroy any copies.
>
> This email is also subject to copyright. No part of it should be reproduced,
> adapted or transmitted without the prior written consent of the copyright
> owner.
>
> Emails may be interfered with, may contain computer viruses or other defects
> and may not be successfully replicated on other systems. We give no
> warranties in relation to these matters. If you have any doubts about
> the authenticity of an email purportedly sent by us, please contact us
> immediately.
>
> **********************************************************************
>
> _______________________________________________
> Cflowd mailing list
> Cflowd@caida.org
> http://login.caida.org/mailman/listinfo/cflowd
>
> _______________________________________________
> Cflowd mailing list
> Cflowd@caida.org
> http://login.caida.org/mailman/listinfo/cflowd

_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd

Next message: Mike Hyde: "RE: [Cflowd] RE: flow from GSR12000"
Previous message: Hendrik Visage: "Re: [Cflowd] Raw Files and Rules"
In reply to: Darren Ward: "RE: [Cflowd] Protocol analysis by Network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jun 04 2002 - 04:46:39 PDT