On Mon, 8 Apr 2002, Annie Tong wrote:
> I'm wondering does ethereal read the captured netflow data from Cisco?
> Currently I'm using Flow-Tools to capture the netflow traffic exported
> from Cisco 7507, and using Flowscan to anaylsis the raw data. Ethereal
> seems to be an interesting and useful tool and I would like to use it as
> the traffic analyser if it's compatiable to Flow-Tool formatted raw data.
Flow-tools comes with a utility called "flow-export" that's supposed to be
able to convert flow data to something that should be readable by
Ethereal, tcpdump, and ntop.
I'm running flow-tools 0.56 here at work. Its version of flow-export
segfaults every time I try to export libpcap data. I tried the
flow-export that comes with 0.55, and it creates a data file readable by
tcpdump but not Ethereal. I'll see if I can track down the problem.
Keep in mind that the flow data doesn't contain enough information to
completely reconstruct the packet data. The flow-export man page also
mentions this:
BUGS
The pcap format is a hack.
> Please advice. Thank You!
>
> Regards,
>
> Annie Tong
> MAE Engineering
> MCI WorldCom
>
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>