Peter Haag

nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA (NSEL) and CISCO NAT (NEL) devices, which export event logging records as v9 flows.
nfdump is fully IPv6 compatible.

Project Members:


  • Anonymous - 2013-07-25

    hello nfdump, thanks so much...

  • recinerodriguez

    recinerodriguez - 2013-08-29

    What steps do I have to do to make the basic installation of nfdump?
    What are the hardware requirements for the collector?

  • Star1609

    Star1609 - 2013-10-25

    Hi i can't write a ticket in a bug report. I have a problem with packets/bits counting by nfcapd. I'm using cisco catalist 7600 (720 sup) ios 12.2(33)SRD4 , and nfcapd/nfsen software for collecting data. I m using such config on cisco:
    ip flow-export destination x.x.x.x 9995
    ip flow-export version 5
    mls netflow usage notify 90 120
    mls nde sender version 5
    mls sampling time-based 4096
    mls netflow usage notify 90 120

    The problem is that traffic which is shown by nfdump while opening one file (5min) is 520 T and average speed 13.5 T per second , while real speed on interface is 40 gigabit per second (4x10g) and real data collected between 1-2 T . How can i fix it ?
    i don't use sample on collector

    Last edit: Star1609 2013-10-25
  • Dmitri

    Dmitri - 2014-12-10

    I can't report a bug! When I'm trying to create binary with size more than 2 GiB, I got error. For example: nfdump -r filename -w binfile -f $filterhere. Error: File size limit exceeded. nfdump version 1.6.10p1. On newer version error too. Text file created without problem (5GiB)
    Edited: possible os limitation (singned int used for offset).
    Another problem: in last versions of nfdump, if no space on disk or problem, described above, nfdump program prints error message infinitely instead of print it one time and exit with return code.

    Last edit: Dmitri 2015-01-14
  • roysbike

    roysbike - 2014-12-14

    Help me. Please add the pipe output NEL. (SRC_nat , DST_nat in machine code)

  • Paul Escat

    Paul Escat - 2015-01-21

    Good evening. Does someone know how can I filter by hostname or by fully qualified domain name? The problem is that the only information that nfdumpd gives when you use 'host www.hostname.com' or by dst ip 'FQDN' is: Resolving IP adress...but no statistics appear...

    I would really appreciate any advice or example for resolving this.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks