Nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax.
Nfdump supports netflow versions v5, v7 and v9 as well as a limited set of sflow and is IPv6 compatible.
The nfdump tools process and collect netflow data on the command line.
Nfdump contains the following tools:
nfcapd - netflow capture daemon.
·Reads the netflow data from the network and stores the data into files. Automatically rotate files every n minutes. ( typically ever 5 min ) nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream.
nfdump - netflow dump.
·Reads the netflow data from the files stored by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Displays netflow data and can create lots of top N statistics of flows IP addresses, ports etc ordered by whatever order you like.
nfprofile - netflow profiler.
·Reads the netflow data from the files stored by nfcapd. Filters the netflow data according to the specified filter sets ( profiles ) and stores the filtered data into files for later use.
nfreplay - netflow replay
·Reads the netflow data from the files stored by nfcapd and sends it over the network to another host.
nfclean.pl - cleanup old data
·Sample script to cleanup old data. You may run this script every hour or so.
ft2nfdump - Read and convert flow-tools data.
·Reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format to be processed by nfdump.
What's New in This Release: [ read full changelog ]
· Fix SPARC compile/optimise bug
· Add output packet/bytes counter to global stat important for NSEL flows ASA > 8.5
· Add NSEL filter options xnet
· Modify extension descriptor code for nfdump1.7. Still use 1.6 extension map layout for compatibility
· Add prototype for nfpcapd pcap -> nfdump collector. Converts traffoc directly to nfdump files.
· Fix bug in ipfix module: uninitialised variable
· Cleanup syslog/LogError calls
· Fix minor non critical bugs and compile issues