netflow,抓包

				...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $				...\"				...\"	transcript compatibility for postscript use.				...\"				...\"	synopsis:  .P! 				...\"				.de P!				\\&.				.fl			\" force out current output buffer				\\!%PB				\\!/showpage{}def				...\" the following is from Ken Flowers -- it prevents dictionary overflows				\\!/tempdict 200 dict def tempdict begin				.fl			\" prolog				.sy cat \\$1\" bring in postscript file				...\" the following line matches the tempdict above				\\!end % tempdict %				\\!PE				\\!.				.sp \\$2u	\" move below the image				..				.de pF				.ie     \\*(f1 .ds f1 \\n(.f				.el .ie \\*(f2 .ds f2 \\n(.f				.el .ie \\*(f3 .ds f3 \\n(.f				.el .ie \\*(f4 .ds f4 \\n(.f				.el .tm ? font overflow				.ft \\$1				..				.de fP				.ie     !\\*(f4 \{\				.	ft \\*(f4				.	ds f4\"				'	br \}				.el .ie !\\*(f3 \{\				.	ft \\*(f3				.	ds f3\"				'	br \}				.el .ie !\\*(f2 \{\				.	ft \\*(f2				.	ds f2\"				'	br \}				.el .ie !\\*(f1 \{\				.	ft \\*(f1				.	ds f1\"				'	br \}				.el .tm ? font underflow				..				.ds f1\"				.ds f2\"				.ds f3\"				.ds f4\"				.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n 				.TH "\fBflow-cat\fP" "1"				.SH "NAME"				\fBflow-cat\fP \(em Concatenate flow files				.SH "SYNOPSIS"				.PP				\fBflow-cat\fP [-aghmp]  [-b\fI big\fP|\fIlittle\fP]  [-C\fI comment\fP]  [-d\fI debug_level\fP]  [-o\fI filename\fP]  [-t\fI start_time\fP]  [-T\fI start_time\fP]  [-z\fI z_level\fP]  [\fIfile\fP|\fIdirectory\fP \&...] 				.SH "DESCRIPTION"				.PP				The \fBflow-cat\fP utility processes files and/or directories				of files in the flow-tools format\&.  The resulting concatenated data set is				written to the standard output or \fBfile\fP specified by				\fB-o\fP\&.  If \fBfile\fP is a single dash (`-\&')				or absent, flow-cat will read from the standard input\&.				.SH "OPTIONS"				.IP "-a" 10				Do not ignore filenames that begin with \fBtmp\fP\&.				.IP "-b\fI big\fP|\fIlittle\fP" 10				Byte order of output\&.				.IP "-C\fI Comment\fP" 10				Add a comment\&.				.IP "-d\fI debug_level\fP" 10				Enable debugging\&.				.IP "-g" 10				Sort file list by capture start time before processing\&.				.IP "-h" 10				Display help\&.				.IP "-m" 10				Disable the use of mmap()\&.				.IP "-p" 10				Preload headers\&.  Use to preserve meta information such as lost flows\&.				.IP "-o\fI file\fP" 10				Write to \fBfile\fP instead of the standard out\&.				.IP "-t\fI start_time\fP" 10				Select flow files up to \fIstart_time\fP\&.  If used with				-T select files between \fIstart_time\fP and				\fIend_time\fP\&.				.IP "-T\fI end_time\fP" 10				Select flow files after \fIend_time\fP\&.  If used with				-t select files between \fIstart_time\fP and				\fIend_time\fP\&.				.IP "-z\fI z_level\fP" 10				Configure compression level to \fI z_level\fP\&.  0 is				disabled (no compression), 9 is highest compression\&.				.IP "\fIfile\fP|\fIdirectory\&.\&.\&.\fP" 10				Process the files and/or directory\&.				.SH "EXAMPLES"				.PP				Concatenate all flow files begining with ft-v05\&.2001-05\&.01, use 				flow-print to display the results\&.				.PP				    \fBflow-cat ft-v05\&.2001-05-01\&.* | flow-print\fP				.PP				Concatenate flow files in \fB/flows/krc4\fP, store				store the output in \fBcompressed\&.flows\fP at compression				level 9 (best)\&.  The headers are preloaded so various metadata such				as the flow count is correct in the result\&.  Filenames begining with				\fBtmp\fP which are typically in-progress flow files				from \fBflow-capture\fP are not processed\&.				.PP				    \fBflow-cat -p -z9 /flows/krc4 > compressed\&.flows\fP				.SH "BUGS"				.PP				None known\&.				.SH "AUTHOR"				.PP				Mark Fullmer maf@splintered\&.net				.SH "SEE ALSO"				.PP				\fBflow-tools\fP(1)				...\" created by instant / docbook-to-man, Sun 23 Jun 2002, 23:50