Ubuntu
nfdump package

PCAP reader not compiled in for use with nfcapd

Bug #1161069 reported by Aaron McPhall
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nfdump (Ubuntu)
New
Undecided
Unassigned

Bug Description

I'm not sure if this is the proper place to submit a feature request, but it seems better to ask here than ask a question.

Using the -f <pcap file> option is not compiled in. It would be nice for digging through pcap of past netflow.

So doing something this should not result in:
nfcapd -f network.pcap -E -l /tmp
PCAP reader not compiled! Option ignored!
...

Relevant system information:

amcphall@cfl-cs1:/tmp$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
amcphall@cfl-cs1:/tmp$ apt-cache policy nfdump
nfdump:
  Installed: 1.6.3p1-1
  Candidate: 1.6.3p1-1
  Version table:
 *** 1.6.3p1-1 0
        500 http://mirror.anl.gov/ubuntu/ precise/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
        100 /var/lib/dpkg/status

Revision history for this message
Jeroen (p-launchpad-3) wrote :

To compile nfdump with PCAP support (tested on Trisquel 7.0):

$ apt-get source nfdump
- cd to the directory nfdump-1.6.8p1 (or whatever your version number may be)
- change debian/rules to add an extra configure option --enable-readpcap:
DEB_CONFIGURE_EXTRA_FLAGS += --enable-readpcap
- change debian/control and add "libpcap-dev" to Build-Depends
- dpkg-buildpackage -rfakeroot
-- you need to have build-essentials and fakeroot installed and will probably get prompted for dependencies of nfdump which need to be installed
- Once done, install the package.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.