Last active
October 26, 2023 19:31
-
-
Save jjsantanna/f2ee2f1fe23208299f4a2ca392f8b23f to your computer and use it in GitHub Desktop.
Tutorial pcap to netflow
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OS: Linux ubuntu 4.10.0-28-generic #32~16.04.2-Ubuntu | |
| Instructions: | |
| 1)Uncomment lines from /etc/apt/sources.list(needs root): | |
| deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe | |
| deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe | |
| 2)Run: | |
| sudo apt-get update && sudo apt-get upgrade | |
| 3)Download the source files of nfdump and dependencies: | |
| sudo apt-get source nfdump | |
| sudo apt-get install libtool | |
| sudo apt-get install dh-autoreconf | |
| sudo apt-get install libpcap-dev | |
| sudo apt-get install libghc-bzlib-dev | |
| sudo apt-get install flex | |
| 4)Navigate into the directory and run autogen.sh | |
| cd nfdump | |
| chmod u+x autogen.sh && ./autogen.sh | |
| 5)Run: | |
| ./configure --enable-sflow --enable-readpcap --enable-nfpcapd | |
| 6)Run: | |
| make | |
| sudo make install | |
| sudo ldconfig | |
| 7)You can now convert pcaps to nflow by running: | |
| nfpcapd -r <path_to_pcap_file> -l <output_directory> | |
| 8)Then you can use nfdump to export the netflows: | |
| cd <output_directory> | |
| nfdump -r <nflow_file> -o extended -o csv > <output_file> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ensure you have bison as well otherwise you will get make errors when failing to find yacc
sudo apt-get install bison -y