Hi,

I am unable to simulate netflow packets that are stored in .cap extension files.

I use the below command to simulate netflow packets:
./pcap2flow /home/test/pcap2flow-0.1/NetFlow_Cisco_ASA.cap 192.168.111.177 2055 -ports 2055 -gaus 2000

I read the below document to simulate live netflow packets from a .pcap extension file:
www.unleashnetworks.com/open-source/pcap2netflow.html

Is there any fix or alternative solution available to simulate netflow from .cap files?

Thanks
Nathan

I think it should be -gapus instead of -gaus


Note that your capture file should already contain netflow packets. This tool is not like softflowd, which can construct netflow packets from the wire.

Hi Vivek,

Thanks for pointing out, i just overlooked.

Parameter -gapus deals with the flow rate at which the flow should be exported.

Anyway, still I'm unable to simulate V9 flow from .cap file that already has V9 packets.

I even tried softflowd, which generates V9 packets similar to Cisco routers. But my requirement is to simulate V9 packets similar to Cisco ASA 5500 firewall(NSEL logs). The file I'm using to simulate using pcaptoflow has NSEL logs in it.

More info on Cisco ASA netflow is as below:
www.cisco.com/en/US/docs/security/asa/as...netflow/netflow.html

Any idea will be greatly appreciated.

Thanks
Nathan