Question 1

How do I install nfdump on Ubuntu?

Accepted Answer

Ensure autotools 2.71 is installed, then use CC=clang-10 with ./configure for compatibility. Build with ./autogen.sh, ./configure, make, and sudo make install, as specified for Ubuntu 18.04 LTS in the README.

Question 2

What's the difference between nfcapd and nfpcapd in nfdump?

Accepted Answer

nfcapd collects NetFlow/IPFIX/sFlow data directly from network devices, while nfpcapd converts live or captured pcap traffic to NetFlow records, enabling flow analysis from packet captures. Both store data in nfdump format.

Question 3

How to filter NetFlow data by IP address using nfdump?

Accepted Answer

Use the tcpdump-like filter syntax, e.g., 'nfdump -r flowfile "src ip 192.0.2.1"'. This allows precise selection based on source or destination IPs, with examples in the basic usage section.

Question 4

Does nfdump support exporting flow data to JSON?

Accepted Answer

Yes, nfdump supports flexible output formats including JSON. Use the appropriate command-line options to export flow records in JSON for integration with other tools or databases.

Question 5

nfdump vs flow-tools: which is better for network analysis?

Accepted Answer

nfdump is more modern with active maintenance, multi-threading, and advanced features like data enrichment. Flow-tools is older; nfdump includes ft2nfdump for conversion, but nfdump offers better performance and extensibility.

Question 6

How to set up real-time traffic analysis with nfdump?

Accepted Answer

Start nfcapd as a daemon to collect flows from exporters, or use nfpcapd to convert live pcap traffic. Then, run nfdump periodically on the stored files for filtering and aggregation, leveraging the time-based directory structure.

Question 7

What compression methods does nfdump support for flow data?

Accepted Answer

nfdump supports LZO, LZ4, ZSTD, and bzip2 compression, with LZO and LZ4 embedded by default. Use the -z option, e.g., -z=lz4, for on-the-fly compression, as detailed in the compression section.

nfdump

What is nfdump?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions