NAME

ipfixDump - IPFIX file dumper

SYNOPSIS

    ipfixDump    [--in FILE_NAME][--out FILE_NAME]
                 [--yaf]
                 [--templates][--data][--stats]
                 [--version]

DESCRIPTION

ipfixDump reads IPFIX files and dumps their contents as ASCII text for low-level analysis of the files. ipfixDump uses libfixbuf to decode the files, and it needs no user input about what a file contains as long as the IPFIX templates are at the beginning of the file. Any records that do not have a corresponding template will be ignored.
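An added illustration (not code from ipfixDump or libfixbuf) of why template placement matters: a minimal Python walker over IPFIX messages, following the RFC 7011 layout, that counts messages, templates and data records and skips any Data Set whose template has not been seen yet. It assumes fixed-length fields and does not parse Options Template Sets; `ipfix_stats`, the helper functions and the sample bytes are constructed for this example.

```python
import struct

def ipfix_stats(buf):
    """Count messages, templates, data records and skipped data sets."""
    templates = {}  # (observation domain, template ID) -> record length
    stats = {"messages": 0, "templates": 0, "records": 0, "skipped_sets": 0}
    pos = 0
    while pos + 16 <= len(buf):
        ver, mlen, _, _, dom = struct.unpack_from("!HHIII", buf, pos)
        if ver != 10 or mlen < 16 or pos + mlen > len(buf):
            raise ValueError(f"bad IPFIX message header at offset {pos}")
        stats["messages"] += 1
        spos, end = pos + 16, pos + mlen
        while spos + 4 <= end:
            set_id, slen = struct.unpack_from("!HH", buf, spos)
            if slen < 4 or spos + slen > end:
                raise ValueError(f"bad set length at offset {spos}")
            body = buf[spos + 4:spos + slen]
            if set_id == 2:  # Template Set
                off = 0
                while off + 4 <= len(body):
                    tid, count = struct.unpack_from("!HH", body, off)
                    off, rec_len = off + 4, 0
                    for _ in range(count):
                        ie, flen = struct.unpack_from("!HH", body, off)
                        if flen == 0xFFFF:
                            raise ValueError("variable-length field not handled")
                        off += 8 if ie & 0x8000 else 4  # enterprise bit: +4-byte PEN
                        rec_len += flen
                    templates[(dom, tid)] = rec_len
                    stats["templates"] += 1
            elif set_id >= 256:  # Data Set: the set ID names its template
                rec_len = templates.get((dom, set_id))
                if rec_len:
                    stats["records"] += len(body) // rec_len
                else:
                    stats["skipped_sets"] += 1  # no template seen yet: ignored
            spos += slen
        pos += mlen
    return stats

def _msg(dom, *sets):  # helper: wrap sets in an IPFIX message header
    body = b"".join(sets)
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, dom) + body
def _set(set_id, payload):  # helper: prepend a set header
    return struct.pack("!HH", set_id, 4 + len(payload)) + payload

TEMPLATE = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)  # constructed: ID 256, IE 8 + IE 12
RECORD = bytes([192, 0, 2, 1, 198, 51, 100, 7])         # constructed 8-byte record
SAMPLE = _msg(1, _set(2, TEMPLATE), _set(256, RECORD * 3)) + _msg(1, _set(257, RECORD))
```

Running `ipfix_stats(SAMPLE)` counts the three records described by template 256 and reports the set for the undefined template 257 as skipped; placing the Data Set ahead of its Template Set yields zero records.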

By default, ipfixDump uses the standard information model provided by libfixbuf. If ipfixDump is given the --yaf switch, it will include the yaf CERT private enterprise information elements. If yaf was configured to enable DPI (plugins), ipfixDump will also add the DPI elements that yaf can export.

ipfixDump supports Options templates and records. ipfixDump will write all IPFIX templates and data records to the output file. It will also write message and set headers when present.

ipfixDump supports IPFIX structured data in the form of basicLists, subTemplateLists, and subTemplateMultiLists.

ipfixDump currently does not support displaying sequence numbers.

OPTIONS

The following options are available for ipfixDump.

--in FILE_NAME

The FILE_NAME is the filename to read. The string '-' may be used to read from standard input (the default).

--out FILE_NAME

The FILE_NAME is the filename to write to. The string '-' may be used to write to standard output (the default).

--yaf

If present, ipfixDump will include the available yaf(1) CERT private enterprise information elements. If yaf(1) was configured with plugins enabled, ipfixDump will add all of the deep packet inspection elements to the information model. By default, the standard IPFIX information model is used (standard elements defined by IANA).

--templates

If present, ipfixDump will only write the templates present in the input file.

--data

If present, ipfixDump will only write the data records present in the input file.

--stats

If present, ipfixDump will only write overall file statistics, which include the number of templates present, the number of data records present, and the number of IPFIX messages present.

--version

If present, print version and copyright information to standard error and exit.

Examples

In the following examples, the dollar sign ("$") represents the shell prompt. The text after the dollar sign represents the command line.

Known Issues

Bug reports may be sent directly to the Network Situational Awareness team at <netsa-help@cert.org>.

AUTHORS

Emily Sarneso and the CERT Network Situational Awareness Group Engineering Team, <http://www.cert.org/netsa>.

SEE ALSO

yaf(1), yafscii(1)