Using Cflow.pm

Perl is a popular language for systems administration and web development. The Cflow.pm module lets you write Perl that reads flow files directly.

A Sample Cflow.pm Script

Here's a simple Cflow.pm Perl script that prints out all UDP port 500 (Checkpoint ISAKMP, used in IPSec VPNs) flows, stripped down from the script provided in the Cflow.pm documentation. This script takes the name of one or more flow files as arguments.

#!/usr/bin/perl

❶ use Cflow qw(:flowvars find);        # import the per-flow variables and find()
❷ find (\&wanted, @ARGV);              # call wanted() once for every flow in each file

❸ sub wanted {
      # Only UDP flows with both ports set to 500 (ISAKMP) get past this line.
      return unless (($srcport == 500 && $dstport == 500) && $udp == $protocol);
      printf("%s %15.15s.%-5hu %15.15s.%-5hu %2hu %10u %10u\n",
             $localtime, $srcip, $srcport, $dstip,
             $dstport, $protocol, $pkts, $bytes);
  }

This script first ...
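The same callback structure works for aggregation rather than line-by-line printing. As an added example (not from the book or the Cflow.pm documentation), this script totals flows, packets and bytes for every UDP/500 source-destination pair across the flow files given on the command line, so an IKE peer you do not recognise stands out in one summary instead of being buried in per-flow output. It assumes only the Cflow.pm exports used above ($srcip, $dstip, $srcport, $dstport, $protocol, $udp, $pkts, $bytes, $localtime).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cflow qw(:flowvars find);

# Totals keyed by "srcip -> dstip", filled in by wanted() for each matching flow.
my %flows;   # pair => { flows, pkts, bytes, first, last }

find(\&wanted, @ARGV);

sub wanted {
    # Same selection as the printing script: ISAKMP on UDP port 500 both ways.
    return unless $protocol == $udp && $srcport == 500 && $dstport == 500;

    my $pair = "$srcip -> $dstip";
    my $rec = $flows{$pair} ||= { flows => 0, pkts => 0, bytes => 0,
                                  first => $localtime, last => $localtime };
    $rec->{flows}++;
    $rec->{pkts}  += $pkts;
    $rec->{bytes} += $bytes;
    $rec->{last}   = $localtime;   # flows arrive in file order, so this is the latest seen
}

# Report the busiest pairs first; a peer that is not one of your VPN endpoints deserves a look.
printf "%-35s %6s %10s %12s  %s\n", 'src -> dst', 'flows', 'pkts', 'bytes', 'first seen';
for my $pair (sort { $flows{$b}{bytes} <=> $flows{$a}{bytes} } keys %flows) {
    my $r = $flows{$pair};
    printf "%-35s %6u %10u %12u  %s\n",
           $pair, $r->{flows}, $r->{pkts}, $r->{bytes}, $r->{first};
}
```

Run it exactly like the printing script, with one or more flow files as arguments; the summary is printed once find() has finished reading them.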
