给定在nfdump nfcapd.2017 中生成的nfcapd文件,该文件采用默认的二进制格式
如何使用nfdump以csv格式创建此文件的版本?
我尝试使用 nfdump -r nfcapd.2017 -w newfile -o csv ,但这似乎无法正常工作
答案 0 :(得分:0)
-w选项用于以二进制nfdump格式(或实际为nfcapd格式)进行写入。只需省略它以CSV格式输出:
nfdump -r nfcapd.2017 -o csv ts,te,td,sa,da,sp,dp,pr,flg,fwd,stos,ipkt,ibyt,opkt,obyt,in,out,sas,das,smk,dmk,dtos,dir,nh,nhb,svln,dvln,ismc,odmc,idmc,osmc,mpls1,mpls2,mpls3,mpls4,mpls5,mpls6,mpls7,mpls8,mpls9,mpls10,cl,sl,al,ra,eng,exid,tr 2018-01-16 16:33:14,2018-01-16 16:33:14,0.003,192.168.2.204,224.0.0.251,5353,5353,UDP,......,0,0,2,691,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0,0/0,1,1970-01-01 01:00:00.000 2018-01-16 16:33:14,2018-01-16 16:33:14,0.000,192.168.2.204,192.168.2.70,55925,50767,UDP,......,0,0,1,546,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0,0/0,1,1970-01-01 01:00:00.000 ...
并重定向输出以获取CSV文件:
nfdump -r nfcapd.2017 -o csv > nfcapd.2017.csv