PCAP reader not compiled in for use with nfcapd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nfdump (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I'm not sure if this is the proper place to submit a feature request, but it seems better to ask here than ask a question.
Using the -f <pcap file> option is not compiled in. It would be nice for digging through pcap of past netflow.
So doing something this should not result in:
nfcapd -f network.pcap -E -l /tmp
PCAP reader not compiled! Option ignored!
...
Relevant system information:
amcphall@
Description: Ubuntu 12.04.1 LTS
Release: 12.04
amcphall@
nfdump:
Installed: 1.6.3p1-1
Candidate: 1.6.3p1-1
Version table:
*** 1.6.3p1-1 0
500 http://
500 http://
100 /var/lib/
To compile nfdump with PCAP support (tested on Trisquel 7.0):
$ apt-get source nfdump EXTRA_FLAGS += --enable-readpcap
- cd to the directory nfdump-1.6.8p1 (or whatever your version number may be)
- change debian/rules to add an extra configure option --enable-readpcap:
DEB_CONFIGURE_
- change debian/control and add "libpcap-dev" to Build-Depends
- dpkg-buildpackage -rfakeroot
-- you need to have build-essentials and fakeroot installed and will probably get prompted for dependencies of nfdump which need to be installed
- Once done, install the package.