Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

nfreplay(1) [debian man page]

nfreplay(1)															       nfreplay(1)

NAME

       nfreplay - netflow replay program

SYNOPSIS

       nfreplay [options] [filter]

DESCRIPTION

       nfreplay  is  the netflow replay program of the nfdump tool set.  It reads data from files stored by nfcapd and sents the netflow data to a
       host or a multicat group. The filter syntax is equivalent to nfdump. If a filter is supplied, only the matching flows are  sent.   See  the
       nfdump(1) man page for a detailed description of the filter syntax. All records are sent as netflow version 5.

OPTIONS

       -H remotehost
	  Send all flows to this remote host. Accepts a symbolic name or a IPv4/IPv6 IP address.  Defaults to IPv4 localhost 127.0.0.1.

       -j mcastgroup
	  Join this multicast group and send all flows to this group host. Accepts a symbolic name or multicast IPv4/IPv6 IP address.

       -p port
	  Send all flows to this port on the remote side. Default is 9995.

       -4 Forces  nfreplay  to	send  flows  to  a IPv4 address only. Can be used together with -i if the remote host has an IPv4 and IPv6 address
	  record.

       -6 Forces nfreplay to send flows to a IPv6 address only. Can be used together with -i if the remote host  has  an  IPv4	and  IPv6  address
	  record.

       -v num
	  Send flows as netflow version num. 5 and 9 are supported. The default is sending the flows as netflow version 5. In version 5 mode, IPv6
	  flows, are skipped and 64bit counters are truncated to 32bit.

       -d usec
	  Delay each record by usec mirco seconds, to avoid overrun on the remote side. Default is 10.

       -b buffersize
	  Set send buffer size in bytes. Useful for large data to transfer. Default is system dependent.

       -r inputfile
	  Read input data from inputfile. Default is read from stdin.

       -t timewin
	  Send only flows, which fall in the time window timewin, where timewin is YYYY/MM/dd.hh:mm:ss[-YYYY/MM/dd.hh:mm:ss].  Any  parts  of  the
	  time spec may be omitted e.g YYYY/MM/dd expands to YYYY/MM/dd.00:00:00-YYYY/MM/dd.23:59:59 and sends all flow from a given day.

       -c num
	  Limit number of records to send to the first num flows.

       -V Print nfreplay version and exit.

       -h Print help text on stdout with all options and exit.

RETURN VALUE

       Returns
	   0   No error.
	   255 Initialization failed.
	   254 Error in filter syntax.
	   250 Internal error.

NOTES

SEE ALSO

       nfcapd(1), nfdump(1), nfprofile(1)

BUGS

								    2009-09-09							       nfreplay(1)

Check Out this Related Man Page

nfexpire(1)															       nfexpire(1)

NAME

       nfanon - netflow anonymisation

SYNOPSIS

       nfanon [options]

DESCRIPTION

       nfanon  is used to anonymise all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptogra-
       phy-based  Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher.  The key is either a 32 character
       string, or a 64 hex digit string starting with 0x.

	  See http://www.cc.gatech.edu/computing/Telecomm/cryptopan/ for more information about CryptoPAn.

       nfanon has several modes of operation.

       o  nfanon reads a sequence of input files, specified by -r, -R and -M and anonymises the flows in the given files. The input file arguments
       have the same syntax and meaning as nfdump(1).

       o nfanon reads a sequence of input files, specified by -r, -R and -M.  All anonymised flows are written to a single file specified by -w.

       o nfanon works as filter and reads flows from stding and writes the anonymised flows to stdout.

OPTIONS

       -r inputfile
	  Read input data from inputfile. Default is read from stdin.

       -R expr
	  Read input from a sequence of files in the same directory. expr may be one of:
	   /any/dir	     Read recursively all files in directory dir.
	   /dir/file	     Read all files beginning with file.
	   /dir/file1:file2  Read all files from file1 to file2.

	   Note: files are read in alphabetical sequence.

       -M expr
	  Read input from multiple directories. expr looks like: /any/path/to/dir1:dir2:dir3  etc.  and  will  be  expanded  to  the  directories:
	  /any/path/to/dir1, /any/path/to/dir2 and /any/path/to/dir3 Any number of colon separated directories may be given. The files to read are
	  specified by -r or -R and are expected to exist in all the given directories.  The options -r and -R must not contain any directory part
	  when used in conjunction with -M.

       -w outputfile
	  If specified writes anonymised netflow records to outputfile.

       -K key
	  The key is used to initialize the Rijndael cipher. key is either a 32 character string, or a 64 hex digit string starting with 0x.

RETURN VALUE

       Returns
	   0   No error.
	   255 Initialization failed.
	   250 Internal error.

NOTES

       None.

SEE ALSO

       nfdump(1)

BUGS

								    2009-09-09							       nfexpire(1)
Man Page