Tutorial pcap to netflow

tutorial_pcap2netflow.txt

OS: Linux ubuntu 4.10.0-28-generic #32~16.04.2-Ubuntu

Instructions:
1)Uncomment lines from /etc/apt/sources.list(needs root):
	deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe
	deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe

2)Run:
	sudo apt-get update && sudo apt-get upgrade

3)Download the source files of nfdump and dependencies:
	sudo apt-get source nfdump
	sudo apt-get install libtool	
	sudo apt-get install dh-autoreconf	
	sudo apt-get install libpcap-dev
  	sudo apt-get install libghc-bzlib-dev
	sudo apt-get install flex

	

4)Navigate into the directory and run autogen.sh
	cd nfdump
	chmod u+x autogen.sh && ./autogen.sh

5)Run:
	./configure --enable-sflow --enable-readpcap --enable-nfpcapd

6)Run:
	make
	sudo make install
	sudo ldconfig

7)You can now convert pcaps to nflow by running:
	nfpcapd -r <path_to_pcap_file> -l <output_directory>

8)Then you can use nfdump to export the netflows:
	cd <output_directory>
	nfdump -r <nflow_file> -o extended -o csv > <output_file>

In WSL:
autogen.sh: configure nfdump-1.6.18
autogen.sh: could not find PKG_CHECK_MODULES macro.

Either pkg-config is not installed on your system or
`pkg.m4' is missing or not found by aclocal.

If pkg.m4' is installed at an unusual location, re-run autogen.sh' by setting `ACLOCAL_FLAGS':

ACLOCAL_FLAGS="-I <prefix>/share/aclocal" ./autogen.sh

solution:
sudo apt-get install autoconf pkgconf -y

ensure you have bison as well otherwise you will get make errors when failing to find yacc
sudo apt-get install bison -y