flow-stat.html

<HTML>
<HEAD>
<TITLE>flow-stat</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.71">
</HEAD>
<BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<H1><A NAME="AEN1"><SPAN CLASS="APPLICATION">flow-stat</SPAN></A></H1>
<DIV CLASS="REFNAMEDIV">
<A NAME="AEN6"></A>
<H2>Name</H2>
<SPAN CLASS="APPLICATION">flow-stat</SPAN>&nbsp;--&nbsp;Generate reports with flow data.
</DIV>
<DIV CLASS="REFSYNOPSISDIV">
<A NAME="AEN10"></A>
<H2>Synopsis</H2>
<P><B CLASS="COMMAND">flow-stat</B>  [-hnpPw] [-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT>] [-f<TT CLASS="REPLACEABLE"><I> format</I></TT>] [-S<TT CLASS="REPLACEABLE"><I> sort_field</I></TT>] [-s<TT CLASS="REPLACEABLE"><I> sort_field</I></TT>] [-t<TT CLASS="REPLACEABLE"><I> tally_lines</I></TT>] [-T<TT CLASS="REPLACEABLE"><I> title</I></TT>]</P>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN26"></A>
<H2>DESCRIPTION</H2>
<P>The <B CLASS="COMMAND">flow-stat</B> utility generates usage reports for flow
data sets by IP address, IP address pairs, ports, packets, bytes,
interfaces, next hops, autonomous systems, ToS bits, exporters, and tags.</P>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN30"></A>
<H2>OPTIONS</H2>
<P></P>
<DIV CLASS="VARIABLELIST">
<DL>
<DT>-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT></DT>
<DD><P>Enable debugging.</P></DD>
<DT>-f<TT CLASS="REPLACEABLE"><I> format</I></TT></DT>
<DD><P><P CLASS="LITERALLAYOUT">Report&nbsp;format.&nbsp;&nbsp;Choose&nbsp;from&nbsp;the&nbsp;following:<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;0&nbsp;&nbsp;Overall&nbsp;Summary<br>
&nbsp;&nbsp;&nbsp;&nbsp;1&nbsp;&nbsp;Average&nbsp;packet&nbsp;size&nbsp;distribution<br>
&nbsp;&nbsp;&nbsp;&nbsp;2&nbsp;&nbsp;Packets&nbsp;per&nbsp;flow&nbsp;distribution<br>
&nbsp;&nbsp;&nbsp;&nbsp;3&nbsp;&nbsp;Octets&nbsp;per&nbsp;flow&nbsp;distribution<br>
&nbsp;&nbsp;&nbsp;&nbsp;4&nbsp;&nbsp;Bandwidth&nbsp;per&nbsp;flow&nbsp;distribution<br>
&nbsp;&nbsp;&nbsp;&nbsp;5&nbsp;&nbsp;UDP/TCP&nbsp;destination&nbsp;port<br>
&nbsp;&nbsp;&nbsp;&nbsp;6&nbsp;&nbsp;UDP/TCP&nbsp;source&nbsp;port<br>
&nbsp;&nbsp;&nbsp;&nbsp;7&nbsp;&nbsp;UDP/TCP&nbsp;port<br>
&nbsp;&nbsp;&nbsp;&nbsp;8&nbsp;&nbsp;Destination&nbsp;IP<br>
&nbsp;&nbsp;&nbsp;&nbsp;9&nbsp;&nbsp;Source&nbsp;IP<br>
&nbsp;&nbsp;&nbsp;&nbsp;10&nbsp;Source/Destination&nbsp;IP<br>
&nbsp;&nbsp;&nbsp;&nbsp;11&nbsp;Source&nbsp;or&nbsp;Destination&nbsp;IP<br>
&nbsp;&nbsp;&nbsp;&nbsp;12&nbsp;IP&nbsp;protocol<br>
&nbsp;&nbsp;&nbsp;&nbsp;13&nbsp;octets&nbsp;for&nbsp;flow&nbsp;duration&nbsp;plot&nbsp;data<br>
&nbsp;&nbsp;&nbsp;&nbsp;14&nbsp;packets&nbsp;for&nbsp;flow&nbsp;duration&nbsp;plot&nbsp;data<br>
&nbsp;&nbsp;&nbsp;&nbsp;15&nbsp;short&nbsp;summary<br>
&nbsp;&nbsp;&nbsp;&nbsp;16&nbsp;IP&nbsp;Next&nbsp;Hop<br>
&nbsp;&nbsp;&nbsp;&nbsp;17&nbsp;Input&nbsp;interface<br>
&nbsp;&nbsp;&nbsp;&nbsp;18&nbsp;Output&nbsp;interface<br>
&nbsp;&nbsp;&nbsp;&nbsp;19&nbsp;Source&nbsp;AS<br>
&nbsp;&nbsp;&nbsp;&nbsp;20&nbsp;Destination&nbsp;AS<br>
&nbsp;&nbsp;&nbsp;&nbsp;21&nbsp;Source/Destination&nbsp;AS<br>
&nbsp;&nbsp;&nbsp;&nbsp;22&nbsp;IP&nbsp;ToS<br>
&nbsp;&nbsp;&nbsp;&nbsp;23&nbsp;Input/Output&nbsp;Interface<br>
&nbsp;&nbsp;&nbsp;&nbsp;24&nbsp;Source&nbsp;Prefix<br>
&nbsp;&nbsp;&nbsp;&nbsp;25&nbsp;Destination&nbsp;Prefix<br>
&nbsp;&nbsp;&nbsp;&nbsp;26&nbsp;Source/Destination&nbsp;Prefix<br>
&nbsp;&nbsp;&nbsp;&nbsp;27&nbsp;Exporter&nbsp;IP<br>
&nbsp;&nbsp;&nbsp;&nbsp;28&nbsp;Engine&nbsp;Id<br>
&nbsp;&nbsp;&nbsp;&nbsp;29&nbsp;Engine&nbsp;Type<br>
&nbsp;&nbsp;&nbsp;&nbsp;30&nbsp;Source&nbsp;Tag<br>
&nbsp;&nbsp;&nbsp;&nbsp;31&nbsp;Destination&nbsp;Tag<br>
&nbsp;&nbsp;&nbsp;&nbsp;32&nbsp;Source/Destination&nbsp;Tag</P></P></DD>
<DT>-h</DT>
<DD><P>Display help.</P></DD>
<DT>-n</DT>
<DD><P>Use symbolic names where appropriate.</P></DD>
<DT>-p</DT>
<DD><P>Display header information.</P></DD>
<DT>-P</DT>
<DD><P>Report as percent total.</P></DD>
<DT>-s<TT CLASS="REPLACEABLE"><I> sort_field</I></TT></DT>
<DD><P>Sort ascending on field <TT CLASS="REPLACEABLE"><I>sort_field</I></TT>.</P></DD>
<DT>-S<TT CLASS="REPLACEABLE"><I> sort_field</I></TT></DT>
<DD><P>Sort descending on field <TT CLASS="REPLACEABLE"><I>sort_field</I></TT>.</P></DD>
<DT>-t<TT CLASS="REPLACEABLE"><I> tally_lines</I></TT></DT>
<DD><P>Tally totals every <TT CLASS="REPLACEABLE"><I>tally_lines</I></TT> lines.</P></DD>
<DT>-T<TT CLASS="REPLACEABLE"><I> title</I></TT></DT>
<DD><P>Set report title to <TT CLASS="REPLACEABLE"><I>title</I></TT>.</P></DD>
<DT>-w</DT>
<DD><P>Wide output.</P></DD>
</DL>
</DIV>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN88"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE">
<A NAME="AEN90"></A>
<P></P>
<P>Provide a report on top source/destination IP pairs sorted by octets, report
in percent total form for the flows in <TT CLASS="FILENAME">/flows/krc4</TT>.
Use the preload option to flow-cat to preserve meta information and display it with flow-stat.</P>
<P>  <B CLASS="COMMAND">flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4</B></P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN95"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE">
<A NAME="AEN97"></A>
<P></P>
<P>Many times a campus network will have a single border router which has
one interface pointing to the internal side and many interfaces pointing
to other providers.  These interfaces each have a unique numerical id
known in SNMP terms as an ifIndex.  The ifIndex to interface name mappings
can be determined by using a tool such as <SPAN CLASS="APPLICATION">snmpwalk</SPAN>
or using show commands in recent versions of IOS with the
'show snmp mib ifmib ifindex' or JunOS 'show interfaces'.  Once the ifIndex
for each interface is known flow-filter can be combined with flow-stat to
provide reports such as inbound vs outbound top src/destination IP
addresses.
Provide a top source IP address report by outbound traffic, i.e. the top
senders of traffic on the campus network.  Assume the ifIndex of the
campus interface is 5.</P>
<P>  flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3 </P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN101"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE">
<A NAME="AEN103"></A>
<P></P>
<P>Provide a top destination IP address report by outbound traffic, i.e. the top
sinks of traffic on the campus network.  Assume the ifIndex of the
campus interface is 5.</P>
<P>  flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3 </P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN106"></A>
<H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE">
<A NAME="AEN108"></A>
<P></P>
<P>Provide a top source/destination AS report.  Use symbolic names.</P>
<P>  flow-cat -p /flows/krc4 | flow-stat -f21 -n -P -p -S4 </P>
<P></P>
</DIV>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN111"></A>
<H2>BUGS</H2>
<P>None known.</P>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN114"></A>
<H2>AUTHOR</H2>
<P>Mark Fullmer <TT CLASS="EMAIL">&#60;<A HREF="mailto:maf@splintered.net">maf@splintered.net</A>&#62;</TT></P>
</DIV>
<DIV CLASS="REFSECT1">
<A NAME="AEN121"></A>
<H2>SEE ALSO</H2>
<P><SPAN CLASS="APPLICATION">flow-tools</SPAN>(1)</P>
</DIV>
</BODY>
</HTML>
