From 59652f7d2f21a36ae2897b8c211534604b980480 Mon Sep 17 00:00:00 2001 From: kudakwashe siziva <9620622+kaysiz@users.noreply.github.com> Date: Fri, 17 Jan 2020 10:43:21 +0200 Subject: [PATCH] Update README.md Changed file extension from json to gz --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 879979d..7377a5f 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,10 @@ a collector at port 9000 in debug mode. Point your flow exporter to this port on your host and after some time the first ExportPackets should appear (the flows need to expire first). -After you collected some data, `main.py` exports them into JSON files, simply -named `.json`. +After you collected some data, `main.py` exports them into GZIP files, simply +named `.gz`. -To analyze the saved traffic, run `analyze_json.py `. In my example +To analyze the saved traffic, run `analyze_json.py -f `. In my example script this will look like the following, with resolved hostnames and services, transfered bytes and connection duration: 2017-10-28 23:17.01: SSH | 4.25M | 15:27 min | localmachine-2 () to localmachine-1 () 
@@ -55,4 +55,4 @@ To create the test packets try the following: 5. Examine the captured traffic. Use Wireshark and set the `CFLOW` "decode as" dissector on the export packets (e.g. based on the port). The `data` fields should then be shown correctly as Netflow payload. 6. Extract this payload as hex stream. Anonymize the IP addresses with a hex editor if necessary. A recommended hex editor is [bless](https://github.com/afrantzis/bless). -The collector is run in a background thread. The difference in transmission speed from the exporting client can lead to different results, possibly caused by race conditions during the usage of the JSON output file. +The collector is run in a background thread. The difference in transmission speed from the exporting client can lead to different results, possibly caused by race conditions during the usage of the GZIP output file.
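Review bot: In the first hunk, "exports them into GZIP files" leaves the reader unsure what is inside the archive, while the analysis step still calls `analyze_json.py`; say explicitly that the output is gzip-compressed JSON (for example "exports them into gzip-compressed JSON files, named `.gz`") so the relationship between the `.gz` extension and the `analyze_json.py` script stays clear. The same hunk also changes the invocation from `analyze_json.py` to `analyze_json.py -f`, but the commit message only mentions the extension change; mention the new `-f` flag in the commit body as well, since a reader skimming the history would otherwise miss that the command line changed.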
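Review bot: The second hunk only swaps "JSON" for "GZIP" in the sentence about race conditions, but the move to gzip makes that race worse, not better, and the README should say how to avoid it. A JSON file read while it is still being written yields a partial document; a gzip file read before the writer has closed it is missing its trailer and CRC, so the reader fails with a truncated-stream error rather than seeing partial data. Consider replacing the vague "can lead to different results, possibly caused by race conditions" with a concrete instruction: wait for the collector thread to finish and close the output file (or stop the collector) before running `analyze_json.py -f` on it.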