Nfdump

From Teknologisk videncenter

Aggregate flows example

root@nf1:/var/cache/nfdump# nfdump -b -r nfcapd.202106050529 | head
Date first seen          Duration Proto      Src IP Addr:Port           Dst IP Addr:Port   Out Pkt   In Pkt Out Byte  In Byte Flows
2021-06-05 05:31:04.668     0.108 UDP       192.168.1.84:61580 <->    142.250.74.14:443          7        9     2861     4507     2
2021-06-05 05:30:59.624     0.000 UDP            8.8.8.8:53    <->     192.168.1.84:51174        0        1        0      115     1
2021-06-05 05:33:32.848     0.000 UDP            8.8.8.8:53    <->     192.168.1.84:53396        0        1        0      118     1
2021-06-05 05:31:10.472    69.496 TCP       192.168.1.84:31773 <->   35.199.147.118:443         16       14    10896     4714     6
2021-06-05 05:33:33.856     0.000 UDP            8.8.8.8:53    <->     192.168.1.84:58791        0        1        0      143     1
2021-06-05 05:31:11.984     0.036 UDP            8.8.8.8:53    <->     192.168.1.84:56388        0        2        0      240     1
2021-06-05 05:31:10.800    13.372 UDP       192.168.1.84:59339 <->    172.217.20.46:443         15       13     4429     6186     2
2021-06-05 05:30:30.544    75.892 TCP       192.168.1.84:31750 <->     162.125.7.20:443         18       15     4903     4260     4
2021-06-05 05:31:28.332     0.032 UDP            8.8.8.8:53    <->     192.168.1.84:60118        0        2        0      394     2
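
Added example, not part of the wiki page: a small Python parser for the `nfdump -b` text output above that totals bytes per service endpoint and lists rows with packets in only one direction. It assumes IPv4 endpoints and unscaled integer counters as in the sample; the function names are hypothetical, and treating the lower port as the service side is a heuristic.

```python
import re
from collections import Counter

# Rows copied from the nfdump -b output shown on this page.
SAMPLE = """\
Date first seen          Duration Proto      Src IP Addr:Port           Dst IP Addr:Port   Out Pkt   In Pkt Out Byte  In Byte Flows
2021-06-05 05:31:04.668     0.108 UDP       192.168.1.84:61580 <->    142.250.74.14:443          7        9     2861     4507     2
2021-06-05 05:30:59.624     0.000 UDP            8.8.8.8:53    <->     192.168.1.84:51174        0        1        0      115     1
2021-06-05 05:31:10.472    69.496 TCP       192.168.1.84:31773 <->   35.199.147.118:443         16       14    10896     4714     6
2021-06-05 05:31:11.984     0.036 UDP            8.8.8.8:53    <->     192.168.1.84:56388        0        2        0      240     1
2021-06-05 05:30:30.544    75.892 TCP       192.168.1.84:31750 <->     162.125.7.20:443         18       15     4903     4260     4
"""

# Assumption: IPv4 endpoints and unscaled integer counters, as in the sample.
ROW = re.compile(
    r"^(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<dur>[\d.]+)\s+"
    r"(?P<proto>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+<->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<opkt>\d+)\s+(?P<ipkt>\d+)\s+"
    r"(?P<obyte>\d+)\s+(?P<ibyte>\d+)\s+(?P<flows>\d+)\s*$")
INT_FIELDS = ("sport", "dport", "opkt", "ipkt", "obyte", "ibyte", "flows")

def parse(text):
    """Return one dict per flow row; header and other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rec = m.groupdict()
            rec.update({k: int(rec[k]) for k in INT_FIELDS})
            rec["dur"] = float(rec["dur"])
            records.append(rec)
    return records

def one_sided(records):
    """Rows where packets were counted in only one direction."""
    return [r for r in records if r["opkt"] == 0 or r["ipkt"] == 0]

def bytes_by_service(records):
    """Total bytes per (proto, ip, port); the lower port is taken as the service."""
    totals = Counter()
    for r in records:
        ip, port = (r["src"], r["sport"]) if r["sport"] < r["dport"] else (r["dst"], r["dport"])
        totals[(r["proto"], ip, port)] += r["obyte"] + r["ibyte"]
    return totals

if __name__ == "__main__":
    flows = parse(SAMPLE)
    for key, total in bytes_by_service(flows).most_common():
        print(key, total)
    print("one-sided:", [(r["src"], r["dst"], r["dport"]) for r in one_sided(flows)])
```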


Links