The report with time sharing.
Good afternoon!
Sorry in advance. I'm not English speaker. I'm still learning.
Sorry in advance. I'm not English speaker. I'm still learning.
How to create the report in "NetFlow Analyzer" which will show, to what addresses:ports there were requests from the IP address with time sharing?
For example, through NFDump, it is possible to make such request:
nfdump -r nfcapd.20120309 'proto tcp and (host 39.52.93.23)'
- Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2012-03-09 20:33:31.653 0.344 TCP 39.52.93.23:49318 -> 78.108.181.1:80 2 88 1
2012-03-09 20:33:31.657 0.501 TCP 39.52.93.23:49320 -> 88.212.196.104:80 5 776 1
2012-03-09 20:33:31.688 4.667 TCP 39.52.93.23:49252 -> 83.149.124.211:80 14 2732 1
2012-03-09 20:33:48.355 0.000 TCP 39.52.93.23:49294 -> 176.9.32.51:80 1 40 1
2012-03-09 20:33:48.431 0.005 TCP 87.240.131.102:80 -> 39.52.93.23:49303 2 80 1
2012-03-09 20:33:48.438 0.000 TCP 89.108.119.183:80 -> 39.52.93.23:49305 1 40 1
2012-03-09 20:33:48.461 0.000 TCP 78.140.152.30:80 -> 39.52.93.23:49272 1 40 1
2012-03-09 20:33:48.462 0.000 TCP 78.140.152.34:80 -> 39.52.93.23:49288 1 40 1
2012-03-09 20:33:48.355 0.118 TCP 39.52.93.23:49293 -> 88.85.93.101:80 2 80 1
2012-03-09 20:33:48.463 0.000 TCP 88.85.93.101:80 -> 39.52.93.23:49293 1 40 1
2012-03-09 20:33:38.723 0.674 TCP 39.52.93.23:49325 -> 79.141.216.19:443 5 437 1
2012-03-09 20:33:31.622 3.913 TCP 188.165.233.15:80 -> 39.52.93.23:49186 2 2155 1
2012-03-09 20:33:31.625 3.904 TCP 188.165.233.15:80 -> 39.52.93.23:49191 2 2161 1
2012-03-09 20:33:31.624 3.907 TCP 188.165.233.15:80 -> 39.52.93.23:49197 2 2161 1
2012-03-09 20:33:31.631 3.888 TCP 188.165.233.15:80 -> 39.52.93.23:49199 2 2155 1
2012-03-09 20:33:31.398 4.351 TCP 39.52.93.23:49197 -> 188.165.233.15:80 4 998 1
Thanks in advance!