
Network Flow Analysis by Michael W. Lucas


Using Cflow.pm

Perl is a popular language for systems administration and web development. The Cflow.pm module lets you write Perl that reads flow files directly.

A Sample Cflow.pm Script

Here's a simple Cflow.pm Perl script that prints out all UDP port 500 (Checkpoint ISAKMP, used in IPSec VPNs) flows, stripped down from the script provided in the Cflow.pm documentation. This script takes the name of one or more flow files as arguments.

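#!/usr/bin/perl

# Import the per-flow variables ($srcip, $srcport, ...) and the find function.
use Cflow qw(:flowvars find);

# Call wanted() once for every flow in each file named on the command line.
find(\&wanted, @ARGV);

# Print the flow only if it is UDP with source and destination port 500.
sub wanted {
    return unless (($srcport == 500 && $dstport == 500) && $udp == $protocol);
    printf("%s %15.15s.%-5hu %15.15s.%-5hu %2hu %10u %10u\n",
           $localtime, $srcip, $srcport, $dstip,
           $dstport, $protocol, $pkts, $bytes);
}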

This script first ...
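
Going one step beyond the filter above, this added example (not from the book or the Cflow.pm documentation) totals flows, packets and bytes per source/destination pair for the same UDP port 500 traffic, so a VPN gateway's ISAKMP peers can be reviewed at a glance. It assumes Cflow.pm is installed and flow files are passed as arguments, uses only the flow variables that appear in the script above, and hard-codes 17, the IANA protocol number for UDP.

```perl
#!/usr/bin/perl
# Added example: per-peer totals for UDP port 500 flows.
use strict;
use warnings;
use Cflow qw(:flowvars find);

# Running totals, keyed by "source -> destination". Each direction of a
# conversation is a separate flow, so it gets its own entry.
my %peers;

# Called by find() once per flow record, with the flow variables set.
sub wanted {
    # Same port test as the script above; 17 is UDP's protocol number.
    return unless $protocol == 17 && $srcport == 500 && $dstport == 500;

    my $pair  = join(' -> ', $srcip, $dstip);
    my $total = $peers{$pair} ||= { flows => 0, pkts => 0, bytes => 0 };
    $total->{flows}++;
    $total->{pkts}  += $pkts;
    $total->{bytes} += $bytes;
}

die "usage: $0 flowfile [flowfile ...]\n" unless @ARGV;
find(\&wanted, @ARGV);

# Report the busiest pairs first; break ties by name for stable output.
printf("%-36s %8s %10s %12s\n", 'peers', 'flows', 'packets', 'bytes');
for my $pair (sort { $peers{$b}{bytes} <=> $peers{$a}{bytes} || $a cmp $b }
              keys %peers) {
    printf("%-36s %8u %10u %12u\n",
           $pair, @{ $peers{$pair} }{qw(flows pkts bytes)});
}
```

A pair whose remote address is not one of your known VPN endpoints is the line to look at first.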
