nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA (NSEL) and CISCO NAT (NEL) devices, which export event logging records as v9 flows.
nfdump is fully IPv6 compatible.


  • What steps do I have to do to make the basic installation of nfdump?
    What are the hardware requirements for the collector?

  • Star1609

    Hi i can't write a ticket in a bug report. I have a problem with packets/bits counting by nfcapd. I'm using cisco catalist 7600 (720 sup) ios 12.2(33)SRD4 , and nfcapd/nfsen software for collecting data. I m using such config on cisco:
    ip flow-export destination x.x.x.x 9995
    ip flow-export version 5
    mls netflow usage notify 90 120
    mls nde sender version 5
    mls sampling time-based 4096
    mls netflow usage notify 90 120

    The problem is that traffic which is shown by nfdump while opening one file (5min) is 520 T and average speed 13.5 T per second , while real speed on interface is 40 gigabit per second (4x10g) and real data collected between 1-2 T . How can i fix it ?
    i don't use sample on collector

