1

I have several NetFlow dumps captured by the nfcapd daemon. Is it possible to convert them to .pcap format so that I can analyze them with my software?

4

1 Answer

1

Basically no; most of the information from the packets is lost, including the entire payloads. NetFlow summarizes the header information from all the packets in a given session: it could be a dozen or thousands. The NetFlow dumps do not (to my recollection) include partial updates either. So, you can go one way (convert from pcap to NetFlow) but not the other way.

That said, if all you need for your analysis are the IP headers of the first packets, you might be able to fake something. But I don't know of any tool that does it.

Answered 2013-10-21T00:55:03.133
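The "fake something" idea from the answer, as an added example that is not part of the original post: it writes one synthetic, header-only IPv4 packet per flow into a classic pcap file, so header-based tools can open it while payloads and per-packet detail stay lost. It assumes the flow records have already been exported into the tuple layout shown (a hypothetical layout, not nfdump's own format), and the sample flows are constructed.

```python
import socket
import struct

# Constructed sample flows; this tuple layout is hypothetical, not nfdump's own:
# (start_epoch_seconds, ip_protocol, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    (1382316903.133, 6, "192.0.2.10", 51000, "198.51.100.5", 443),
    (1382316904.500, 17, "192.0.2.11", 53000, "198.51.100.53", 53),
]

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def synth_packet(proto, src, sport, dst, dport) -> bytes:
    """Build one header-only IPv4 packet standing in for a whole flow."""
    if proto == 6:     # TCP: 20-byte header, SYN set, checksum left at 0 (invalid)
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == 17:  # UDP: 8-byte header, checksum 0 means "not computed"
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:
        raise ValueError("only TCP and UDP flows are handled here")

    def ip_header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))

    return ip_header(ip_checksum(ip_header(0))) + l4

def flows_to_pcap(flows) -> bytes:
    """Serialize flows as a classic pcap using link type 101 (LINKTYPE_RAW)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for ts, proto, src, sport, dst, dport in sorted(flows):
        pkt = synth_packet(proto, src, sport, dst, dport)
        sec = int(ts)
        usec = min(int(round((ts - sec) * 1_000_000)), 999_999)
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    with open("flows_synth.pcap", "wb") as fh:
        fh.write(flows_to_pcap(FLOWS))
```

Every packet in the output is a stand-in with the flow's start time and 5-tuple; packet counts, sizes, TCP state and payloads cannot be recovered from the flow summary.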