Given a nfcapd file produced in nfdump nfcapd.2017 which is in the default binary format
How would I create a version of this file in csv format using nfdump?
I tried using nfdump -r nfcapd.2017 -w newfile -o csv but that doesn't seem to work
Asked
Active
Viewed 2,923 times
1 Answers
1
The -w option is for writing in binary nfdump format (or actually nfcapd format). Simply omit it to output in CSV:
nfdump -r nfcapd.2017 -o csv ts,te,td,sa,da,sp,dp,pr,flg,fwd,stos,ipkt,ibyt,opkt,obyt,in,out,sas,das,smk,dmk,dtos,dir,nh,nhb,svln,dvln,ismc,odmc,idmc,osmc,mpls1,mpls2,mpls3,mpls4,mpls5,mpls6,mpls7,mpls8,mpls9,mpls10,cl,sl,al,ra,eng,exid,tr 2018-01-16 16:33:14,2018-01-16 16:33:14,0.003,192.168.2.204,224.0.0.251,5353,5353,UDP,......,0,0,2,691,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0,0/0,1,1970-01-01 01:00:00.000 2018-01-16 16:33:14,2018-01-16 16:33:14,0.000,192.168.2.204,192.168.2.70,55925,50767,UDP,......,0,0,1,546,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0,0/0,1,1970-01-01 01:00:00.000 ...
And redirect the output to get a CSV file:
nfdump -r nfcapd.2017 -o csv > nfcapd.2017.csv
toringe
- 1,194
- 3
- 12
- 18
-
that is what I was going to answer. you need to add the > file.csv otherwise it wont be saved. -w never worked for me. – Nelson Feb 11 '20 at 23:23