Re: [Nfdump-discuss] Question about NBAR exporting using NetFlow

Fri, 03 Apr 2015 03:40:00 -0700 

Hi Krzysztof,
Thanks for the input. Sofar nfdump does not support NBAR. However, if you can
point me to an official document describing the NBAR, I'd happily check an
extension for nfdump. Furthermore, I would need some example traces ( pcaps )
of exporters sending this information. Feel free to contact me off list.

        - Peter

On 28.01.15 18:05, Krzysztof Szemiot wrote:
> 
> Hello!
> 
> nfdump does not understand Cisco application options:
> 
> _____________________________________________________________________________
> | Field | ID | Ent.ID | Offset | Size |
> -----------------------------------------------------------------------------
> | APPLICATION ID | 95 | | 0 | 4 |
> | application category name | 45000 | 9 | 4 | 32 |
> | application sub category name | 45001 | 9 | 36 | 32 |
> | application group name | 45002 | 9 | 68 | 32 |
> | p2p technology | 288 | | 100 | 10 |
> | tunnel technology | 289 | | 110 | 10 |
> | encrypted technology | 290 | | 120 | 10 |
> 
> Has anybody attempted to add this before?
> I would be grateful if pointed where I need to make changes.
> 
> Krzysztof Szemiot
> Network Engineering & Operations
> Raytheon Company
> 
> 
> 
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> 
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to