Re: [Nfdump-discuss] Router interfaces

[Peter H. <pet...@sw...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry folks for coming in late. I was out of the office last week.

As of interface in/out:

nfcapd collects the standard v9 elements NF9_INPUT_SNMP and NF9_OUTPUT_SNMP
which corresponds to %in and %out in the output formats. They are also set
in the corresponding fields when using -o raw:

Flow Record:
  Flags       =       0x00000001
  size        =               76
  mark        =                0
snipp ...
  prot        =               17
  tos         =                0

  input       =                4
  output      =               23
snipp ..

There is only one limitation so far: interface numbers need to be a 2Byte
integer. 4 Bytes are not yet supported. That's the only think I can think
of so far. This is due to the fact, that NF9_INPUT_SNMP and NF9_OUTPUT_SNMP
are 2 bytes by default and snapshot-20070312 does not support other values,
than the default so far.

This also means, that next stable nfdump will have the same behaviour, but
the next development cycle will extend other v9 elements anyway.


    - Peter


- - --On July 13, 2007 14:30:48 +0200 Ralf Kleineisel <ral...@df...> wrote:

| Yann Berthier wrote:
|
| >    you can check with nfcapd -E what's collected
|
| The input/output fields are zero in the -E output.
|
| -------------------------------------------------------------------------
| This SF.net email is sponsored by DB2 Express
| Download DB2 Express C - the FREE version of DB2 express and take
| control of your XML. No limits. Just data. Click to get it now.
| http://sourceforge.net/powerbar/db2/
| _______________________________________________
| Nfdump-discuss mailing list
| Nfd...@li...
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss



- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: pet...@sw... Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iQCVAwUBRpuQT/5AbZRALNr/AQI1+wQAiMy1TGjIv2w8j51JAXslomo6ZKOTfkKt
8QCxEdQodDmnnhtVgfhAPCw7bBl/pvwTonqxJ7UrTmsVA+A/2IpIJPPlxb6bLCjc
RM0jQt8qts/Mps+bVvIt15wgOq2oibr30evPICEGM1qwE6+blC3bTvr5GcJeB7bM
V2d2wHUw51M=
=1+Cg
-----END PGP SIGNATURE-----