[Nfdump-discuss] NFDUMP/NFSEN and Cisco IOS NAT
netflow collecting and processing tools
From: Darrell E. <dar...@gm...> - 2015-03-05 03:14:45
I've been trying for a while to figure out if NFDUMP will allow me to tie the pre- and post-NAT traffic together. A recent recompile has added X-Src and X-Dst columns (I think this is for Cisco ASA). I am using Cisco IOS with NetFlow v9. I compiled nfdump with --enable-nfprofile --enable-nftrack --enable-nsel and --enable-sel. Thanks for any help.

Aggregated flows 1045
Top 100 flows ordered by flows:
Date first seen          Event   XEvent Proto  Src IP Addr:Port        Dst IP Addr:Port        X-Src IP Addr:Port  X-Dst IP Addr:Port  In Byte  Out Byte
2015-03-04 09:49:25.676  INVALID Ignore TCP    74.125.196.188:443   -> 204.116.93.xxx:62819   0.0.0.0:0        -> 0.0.0.0:0              364         0
2015-03-04 09:49:38.604  INVALID Ignore TCP    204.116.93.xxx:2163  -> 108.160.170.49:443     0.0.0.0:0        -> 0.0.0.0:0             2926         0
2015-03-04 09:49:38.600  INVALID Ignore TCP    108.160.170.49:443   -> 204.116.93.xxx:2163    0.0.0.0:0        -> 0.0.0.0:0             2499         0
2015-03-04 09:49:38.604  INVALID Ignore TCP    192.168.1.65:2163    -> 108.160.170.49:443     0.0.0.0:0        -> 0.0.0.0:0             2926         0
2015-03-04 09:49:25.640  INVALID Ignore TCP    192.168.2.19:62819   -> 74.125.196.188:443     0.0.0.0:0        -> 0.0.0.0:0              287         0
2015-03-04 09:49:25.640  INVALID Ignore TCP    204.116.93.xxx:62819 -> 74.125.196.188:443     0.0.0.0:0        -> 0.0.0.0:0              287         0
2015-03-04 09:49:21.697  INVALID Ignore TCP    204.116.93.xxx:2835  -> 31.13.73.1:443         0.0.0.0:0        -> 0.0.0.0:0            16798         0
2015-03-04 09:49:42.691  INVALID Ignore TCP    204.116.93.xxx:49280 -> 108.160.169.188:443    0.0.0.0:0        -> 0.0.0.0:0             3696         0
2015-03-04 09:49:42.691  INVALID Ignore TCP    192.168.2.15:49280   -> 108.160.169.188:443    0.0.0.0:0        -> 0.0.0.0:0             3696         0
2015-03-04 09:49:42.402  INVALID Ignore TCP    108.160.169.188:443  -> 204.116.93.xxx:49280   0.0.0.0:0        -> 0.0.0.0:0             2819         0
2015-03-04 09:49:21.693  INVALID Ignore TCP    192.168.3.23:2835    -> 31.13.73.1:443         0.0.0.0:0        -> 0.0.0.0:0            16798         0
2015-03-04 09:50:08.285  INVALID Ignore TCP    192.168.3.23:1502    -> 64.53.32.162:80        0.0.0.0:0        -> 0.0.0.0:0            11124         0
2015-03-04 09:49:29.183  INVALID Ignore TCP    204.116.93.xxx:39461 -> 54.164.36.33:80        0.0.0.0:0        -> 0.0.0.0:0             2075         0
2015-03-04 09:50:22.440  INVALID Ignore TCP    54.164.36.33:80      -> 204.116.93.xxx:60078   0.0.0.0:0        -> 0.0.0.0:0             1894         0
2015-03-04 09:50:20.381  INVALID Ignore TCP    54.164.36.33:80      -> 204.116.93.xxx:33010   0.0.0.0:0        -> 0.0.0.0:0             1821         0
2015-03-04 09:50:20.381  INVALID Ignore TCP    192.168.2.24:33010   -> 54.164.36.33:80        0.0.0.0:0        -> 0.0.0.0:0             2082         0
2015-03-04 09:49:43.609  INVALID Ignore TCP    204.116.93.xxx:51530 -> 54.152.1.242:443       0.0.0.0:0        -> 0.0.0.0:0              457         0
2015-03-04 09:49:29.183  INVALID Ignore TCP    192.168.2.14:39461   -> 54.164.36.33:80        0.0.0.0:0        -> 0.0.0.0:0             2075         0
2015-03-04 09:49:53.412  INVALID Ignore TCP    204.116.93.xxx:40733 -> 54.164.36.33:80        0.0.0.0:0        -> 0.0.0.0:0             2231         0
2015-03-04 09:49:43.778  INVALID Ignore TCP    192.168.1.62:51529   -> 54.152.187.227:443     0.0.0.0:0        -> 0.0.0.0:0              405         0
2015-03-04 09:50:08.289  INVALID Ignore TCP    204.116.93.xxx:1502  -> 64.53.32.162:80        0.0.0.0:0        -> 0.0.0.0:0            11124         0
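In the rows above the X-Src/X-Dst columns are all 0.0.0.0:0, so nfdump has nothing to pair on. What the output does show is that every outbound connection appears twice: once with the private (pre-NAT) source address and once with the translated 204.116.93.xxx source, with the same destination, the same source port, the same byte count and a first-seen time within a few milliseconds. The script below, an added example that is not part of the original post or of nfdump, pairs those two copies from the printed output using exactly that heuristic. The matching rule (same protocol, destination, source port and inbound byte count, timestamps within 50 ms, NAT preserving the source port) is an assumption read off the posted rows, not documented IOS behaviour, and the sample input is a constructed subset of those rows with the public address masked as 204.116.93.xxx just as in the post.

```python
"""Pair the inside (pre-NAT) and outside (post-NAT) copies of a connection
found in nfdump text output.

Added example, not part of the original post or of nfdump. Assumption taken
from the posted rows: the exporter emits one record with the private source
and one with the translated public source, sharing destination, source port
(the NAT kept the port), inbound byte count and a first-seen time within a
few milliseconds. The X-Src/X-Dst columns are 0.0.0.0:0 and are ignored.
"""
import ipaddress
import re
from datetime import datetime

# Constructed sample: a subset of the rows from the post, public address
# masked as 204.116.93.xxx exactly as in the post.
SAMPLE = """\
2015-03-04 09:49:38.604 INVALID Ignore TCP 204.116.93.xxx:2163 -> 108.160.170.49:443 0.0.0.0:0 -> 0.0.0.0:0 2926 0
2015-03-04 09:49:38.600 INVALID Ignore TCP 108.160.170.49:443 -> 204.116.93.xxx:2163 0.0.0.0:0 -> 0.0.0.0:0 2499 0
2015-03-04 09:49:38.604 INVALID Ignore TCP 192.168.1.65:2163 -> 108.160.170.49:443 0.0.0.0:0 -> 0.0.0.0:0 2926 0
2015-03-04 09:49:25.640 INVALID Ignore TCP 192.168.2.19:62819 -> 74.125.196.188:443 0.0.0.0:0 -> 0.0.0.0:0 287 0
2015-03-04 09:49:25.640 INVALID Ignore TCP 204.116.93.xxx:62819 -> 74.125.196.188:443 0.0.0.0:0 -> 0.0.0.0:0 287 0
2015-03-04 09:49:21.697 INVALID Ignore TCP 204.116.93.xxx:2835 -> 31.13.73.1:443 0.0.0.0:0 -> 0.0.0.0:0 16798 0
2015-03-04 09:49:21.693 INVALID Ignore TCP 192.168.3.23:2835 -> 31.13.73.1:443 0.0.0.0:0 -> 0.0.0.0:0 16798 0
2015-03-04 09:49:43.609 INVALID Ignore TCP 204.116.93.xxx:51530 -> 54.152.1.242:443 0.0.0.0:0 -> 0.0.0.0:0 457 0
2015-03-04 09:49:43.778 INVALID Ignore TCP 192.168.1.62:51529 -> 54.152.187.227:443 0.0.0.0:0 -> 0.0.0.0:0 405 0
"""

# One row in the column layout printed in the post (date, Event, XEvent,
# Proto, src:port -> dst:port, xsrc -> xdst, In Byte, Out Byte).
ROW = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ \S+ (?P<proto>\S+) "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"\S+ -> \S+ (?P<inb>\d+) (?P<outb>\d+)$"
)


def parse(text):
    """Parse nfdump rows into dicts; header or foreign lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S.%f")
        for k in ("sport", "dport", "inb", "outb"):
            d[k] = int(d[k])
        flows.append(d)
    return flows


def is_private(addr):
    """RFC 1918 test; masked addresses such as 204.116.93.xxx count as public."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def pair_nat(flows, tolerance_ms=50):
    """Return ([(inside_src, outside_src, dst), ...], [unmatched inside_src]).

    Assumed pairing key: protocol, source port, destination, inbound bytes,
    and first-seen timestamps no more than tolerance_ms apart.
    """
    outside = [f for f in flows if not is_private(f["src"]) and not is_private(f["dst"])]
    pairs, unmatched = [], []
    for inside in (f for f in flows if is_private(f["src"])):
        key = (inside["proto"], inside["sport"], inside["dst"], inside["dport"], inside["inb"])
        twin = None
        for cand in outside:
            same_conn = (cand["proto"], cand["sport"], cand["dst"], cand["dport"], cand["inb"]) == key
            close = abs((cand["ts"] - inside["ts"]).total_seconds()) * 1000 <= tolerance_ms
            if same_conn and close:
                twin = cand
                break
        if twin is None:
            unmatched.append(f"{inside['src']}:{inside['sport']}")
        else:
            outside.remove(twin)  # each outside record pairs at most once
            pairs.append((f"{inside['src']}:{inside['sport']}",
                          f"{twin['src']}:{twin['sport']}",
                          f"{twin['dst']}:{twin['dport']}"))
    return pairs, unmatched


if __name__ == "__main__":
    found, lone = pair_nat(parse(SAMPLE))
    for inside, outside, dst in found:
        print(f"{inside} -> {outside} -> {dst}")
    print("no translated twin:", lone)
```

Feed it the output of nfdump with the same column layout (for example piped from `nfdump -r <file>` with the format the post shows) and each line of the result reads inside address, translated address, destination. Reverse-direction rows such as 108.160.170.49:443 -> 204.116.93.xxx:2163 never match because the source port differs, and 192.168.1.62:51529 in the sample stays unmatched because the nearest public record (port 51530, a different destination and byte count) fails the key. The 50 ms window is a guess tuned to the 4 ms skew visible in the post; widen it if the exporter stamps the two copies further apart.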