GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
rwp2yaf2silk(1) SiLK Tool Suite rwp2yaf2silk(1)

rwp2yaf2silk - Convert PCAP data to SiLK Flow Records with YAF 

  rwp2yaf2silk --in=INPUT_SPEC --out=FILE [--dry-run]
      [--yaf-program=YAF] [--yaf-args='ARG1 ARG2']
      [--rwipfix2silk-program=RWIPFIX2SILK]
      [--rwipfix2silk-args='ARG1 ARG2']

  rwp2yaf2silk --help

  rwp2yaf2silk --man

  rwp2yaf2silk --version

rwp2yaf2silk is a script to convert a pcap(3) file, such as that produced by tcpdump(1), to a single file of SiLK Flow records. The script assumes that the yaf(1) and rwipfix2silk(1) commands are available on your system.

The --in and --out switches are required. Note that the --in switch is processed by yaf, and the --out switch is processed by rwipfix2silk.

For information on reading live pcap data and using rwflowpack(8) to store that data in hourly files, see the SiLK Installation Handbook.

Normally yaf groups multiple packets into flow records. You can almost force yaf to create a flow record for every packet so that its output is similar to that of rwptoflow(1): When you give yaf the --idle-timeout=0 switch, yaf creates a flow record for every complete packet and for each packet that it is able to completely reassemble from packet fragments. Any fragmented packets that yaf cannot reassemble are dropped.

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.
--in=INPUT_SPEC
Read the pcap records from INPUT_SPEC. Often INPUT_SPEC is the name of the pcap file to read or the string string "-" or "stdin" to read from standard input. To process multiple pcap files, create a text file that lists the names of the pcap files. Specify the text file as INPUT_SPEC and use "--yaf-args=--caplist" to tell yaf the INPUT_SPEC contains the names of pcap files.
--out=FILE
Write the SiLK Flow records to FILE. The string "stdout" or "-" may be used for the standard output, as long as it is not connected to a terminal.
--dry-run
Do not invoke any commands, just print the commands that would be invoked.
--yaf-program=YAF
Use YAF as the location of the yaf program. When not specified, rwp2yaf2silk assumes there is a program yaf on your $PATH.
--yaf-args=ARGS
Pass the additional ARGS to the yaf program.
--rwipfix2silk-program=RWIPFIX2SILK
Use RWIPFIX2SILK as the location of the rwipfix2silk program. When not specified, rwp2yaf2silk assumes there is a program rwipfix2silk on your $PATH.
--rwipfix2silk-args=ARGS
Pass the additional ARGS to the rwipfix2silk program.
--help
Display a brief usage message and exit.
--man
Display full documentation for rwp2yaf2silk and exit.
--version
Print the version number and exit the application.

yaf(1), rwipfix2silk(1), rwflowpack(8), rwptoflow(1), silk(7), tcpdump(1), pcap (3), SiLK Installation Handbook
2022-04-12 SiLK 3.19.1
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.