ipfixDump - IPFIX file dumper
ipfixDump [--in FILE_NAME] [--out FILE_NAME] [--yaf] [--templates] [--data] [--stats] [--version]
ipfixDump is a tool to read IPFIX files and dump their contents in ASCII for low-level analysis of the files. ipfixDump uses libfixbuf to decode the files and needs no user input as to what a file contains, as long as the IPFIX templates appear in the file before the data records that use them. Any records that do not have a corresponding template will be ignored.
By default, ipfixDump uses the standard information model provided by libfixbuf. If ipfixDump is given the --yaf switch, it will include the yaf CERT private enterprise information elements. If yaf was configured to enable DPI (plugins) ipfixDump will also add the DPI elements that yaf can export.
ipfixDump supports Options templates and records. ipfixDump will write all IPFIX templates and data records to the output file. It will also write message and set headers when present.
ipfixDump supports IPFIX structured data in the form of basicLists, subTemplateLists, and subTemplateMultiLists.
ipfixDump currently does not support displaying sequence numbers.
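The behaviour described above (templates are read from the file itself, records without a template are ignored, and the message and set headers plus the `--stats` counts of messages, templates and data records can be recovered) is illustrated by the following added example. It is not ipfixDump or libfixbuf code: it is a minimal pure-Python IPFIX reader written for this page. It assumes the RFC 7011 wire layout (16-byte message header, 4-byte set headers, set IDs 2 and 3 for templates, data set IDs of 256 and above, variable-length fields flagged by a declared length of 0xFFFF). The sample bytes are constructed inline; element IDs 8, 12 and 1 are the IANA sourceIPv4Address, destinationIPv4Address and octetDeltaCount elements, while the enterprise number 99999 and element ID 900 are made up for the example. Unlike ipfixDump, it carries no information model, so records are keyed by (enterprise number, element ID) rather than by element name.

```python
"""Minimal IPFIX reader: message/set headers, templates, data records, and
--stats style counts.  Added example; not ipfixDump or libfixbuf code."""
import struct

IPFIX_VERSION = 10            # RFC 7011 message header version field
TEMPLATE_SET_ID = 2
OPTIONS_TEMPLATE_SET_ID = 3
MIN_DATA_SET_ID = 256
VARLEN = 0xFFFF               # declared field length meaning "variable length"


def parse_template_set(payload, templates, options=False):
    """Read (Options) Template Records from a set payload into `templates`.
    Values are lists of (enterprise_number_or_None, element_id, length).
    Returns the number of templates read."""
    count, off = 0, 0
    while off + 4 <= len(payload):
        tid, field_count = struct.unpack_from("!HH", payload, off)
        off += 4
        if tid == 0:              # a zero template ID is trailing padding
            break
        if options:               # options templates add a scope field count
            off += 2
        fields = []
        for _ in range(field_count):
            ie_id, length = struct.unpack_from("!HH", payload, off)
            off += 4
            pen = None
            if ie_id & 0x8000:    # enterprise bit set: 4-byte PEN follows
                (pen,) = struct.unpack_from("!I", payload, off)
                off += 4
                ie_id &= 0x7FFF
            fields.append((pen, ie_id, length))
        templates[tid] = fields
        count += 1
    return count


def parse_data_set(payload, fields):
    """Decode records described by `fields`; trailing bytes shorter than the
    minimum record length are treated as padding."""
    if not fields:
        return []
    min_len = sum(1 if ln == VARLEN else ln for _, _, ln in fields)
    records, off = [], 0
    while len(payload) - off >= min_len:
        rec = {}
        for pen, ie_id, length in fields:
            if length == VARLEN:          # 1-byte length; 255 => 2-byte length
                length = payload[off]
                off += 1
                if length == 255:
                    (length,) = struct.unpack_from("!H", payload, off)
                    off += 2
            rec[(pen, ie_id)] = payload[off:off + length]
            off += length
        records.append(rec)
    return records


def parse_ipfix(data):
    """Walk every message and set in `data`; return (stats, records)."""
    templates, records = {}, []
    stats = {"messages": 0, "templates": 0, "records": 0, "ignored_sets": 0}
    off = 0
    while off + 16 <= len(data):
        version, length, _export, _seq, _odid = struct.unpack_from("!HHIII", data, off)
        if version != IPFIX_VERSION or length < 16 or off + length > len(data):
            raise ValueError("bad IPFIX message header at offset %d" % off)
        stats["messages"] += 1
        end, soff = off + length, off + 16
        while soff + 4 <= end:
            set_id, set_len = struct.unpack_from("!HH", data, soff)
            if set_len < 4 or soff + set_len > end:
                raise ValueError("bad set header at offset %d" % soff)
            payload = data[soff + 4:soff + set_len]
            if set_id in (TEMPLATE_SET_ID, OPTIONS_TEMPLATE_SET_ID):
                stats["templates"] += parse_template_set(
                    payload, templates, options=(set_id == OPTIONS_TEMPLATE_SET_ID))
            elif set_id >= MIN_DATA_SET_ID and set_id in templates:
                recs = parse_data_set(payload, templates[set_id])
                records.extend(recs)
                stats["records"] += len(recs)
            else:                         # data set with no template seen: ignored
                stats["ignored_sets"] += 1
            soff += set_len
        off = end
    return stats, records


# --- Constructed sample file (not real capture data) --------------------------
def _set(set_id, payload):
    return struct.pack("!HH", set_id, 4 + len(payload)) + payload


def _message(*sets):
    body = b"".join(sets)
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(body), 0, 0, 1) + body


# Template 256: IANA elements 8, 12, 1 plus a made-up variable-length enterprise
# element (PEN 99999, id 900) to exercise the enterprise bit and varlen path.
TEMPLATE_256 = (struct.pack("!HH", 256, 4) + struct.pack("!HH", 8, 4)
                + struct.pack("!HH", 12, 4) + struct.pack("!HH", 1, 8)
                + struct.pack("!HHI", 0x8000 | 900, VARLEN, 99999))
REC1 = bytes([10, 0, 0, 1]) + bytes([192, 0, 2, 7]) + struct.pack("!Q", 1500) + b"\x03abc"
REC2 = bytes([10, 0, 0, 2]) + bytes([192, 0, 2, 8]) + struct.pack("!Q", 42) + b"\x00"
SAMPLE = (_message(_set(TEMPLATE_SET_ID, TEMPLATE_256), _set(256, REC1 + REC2))
          + _message(_set(257, b"\x00" * 8), _set(256, REC1)))  # 257: no template

if __name__ == "__main__":
    st, recs = parse_ipfix(SAMPLE)
    print(st)
    for r in recs:
        print({k: v.hex() for k, v in r.items()})
```

Running the block prints counts of 2 messages, 1 template, 3 records and 1 ignored set, matching what `ipfixDump --stats` reports for a file in which a data set refers to a template that was never sent. The varlen branch is where a hand-written reader most often goes wrong: a declared length of 255 in the first byte means the real length is in the next two bytes, so a record with a long string field would otherwise be misaligned and every following field misread.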
The following options are available for ipfixDump.
--in FILE_NAME
FILE_NAME is the file to read. The string '-' may be used to read from standard input (the default).
--out FILE_NAME
FILE_NAME is the file to write to. The string '-' may be used to write to standard output (the default).
--yaf
If present, ipfixDump will include the available yaf(1) CERT private enterprise information elements. If yaf(1) was configured with plugins enabled, ipfixDump will add all of the deep packet inspection elements to the information model. By default, the standard IPFIX information model is used (standard elements defined by IANA).
--templates
If present, ipfixDump will only write the templates present in the input file.
--data
If present, ipfixDump will only write the data records present in the input file.
--stats
If present, ipfixDump will only write overall file statistics, which include the number of templates present, the number of data records present, and the number of IPFIX messages present.
--version
If present, print version and copyright information to standard error and exit.
In the following examples, the dollar sign ("$") represents the shell prompt. The text after the dollar sign represents the command line.
$ ipfixDump --in - --out -
$ ipfixDump --in /data/ipfix.ipfix --out /data/text.txt --yaf
Bug reports may be sent directly to the Network Situational Awareness team at <email@example.com>.
Emily Sarneso and the CERT Network Situational Awareness Group Engineering Team, <http://www.cert.org/netsa>.