OnWorks favicon

flowdumperp - Online in the Cloud

Run flowdumperp in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command flowdumperp that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator



flowdumper - a grep(1)-like utility for raw flow files


flowdumper [-h] [-v] [-s|S|r|R] [-a|n] [[-I expr] -e expr [-E expr]] [-c] [-B file] [-o output_file] [flow_file [...]]

but usually just:

flowdumper [-s] -e expr flow_file [...]


flowdumper is a grep(1)-like utility for selecting and processing flows from cflowd or
flow-tools raw flow files. The selection criteria are specified by using the "-e" option
described below.

flowdumper's primary features are the ability to:

· Print the content of raw flow files in one of two built-in formats or a format of the
users own. The built-in "long" format is much like that produced by the flowdump
command supplied with cflowd. The "short", single-line format is suitable for
subsequent post-processing by line-oriented filters like sed(1).

· Act as a filter, reading raw flow input from either file(s) or standard input, and
producing filtered raw flow output on standard output. This is similar to how grep(1)
is often used on text files.

· Select flows according to practically any criteria that can be expressed in perl

The "flow variables" and other symbols available for use in the "-e" expression are those
made available by the Cflow module when used like this:

use Cflow qw(:flowvars :tcpflags :icmptypes :icmpcodes);

See the Cflow perl documentation for full details on these values (i.e. "perldoc Cflow".)

Most perl syntax is allowed in the expressions specified with the "-e", "-I", and "-E"
options. See the perl man pages for full details on operators ("man perlop") and
functions ("man perlfunc") available for use in those expressions.

If run with no arguments, filters standard input to standard output.

The options and their arguments, roughly in order of usefulness, are:

shows the usage information

mnemonic: 'h'elp

print all flows

implied if "-e" is not specified

mnemonic: 'a'll

"-e" expr
evaluate this expression once per flow

mnemonic: 'e'xpression

print number of flows matched in input

mnemonic: 'c'ount

print flows in short (one-line) format, ignored with "-n"

mnemonic: 's'hort

print flows in the raw/binary flow file format

ignored with "-n"

mnemonic: 'r'aw

"repacks" and print flows in the raw/binary flow file format

requires "-e", ignored with "-n", useful with "-p"

mnemonic: 'R'epack raw

don't print matching flows

mnemonic: like "perl "-n"" or "sed "-n""

"-o" output_file
send output to the specified file. A single printf(3) string conversion specifier can
be used within the output_file value (such as "/tmp/%s.txt") to make the output file
name a function of the input file basename.

mneomic: 'o'utput file

print flows in the "old" short (one-line) format

ignored with "-n"

mnemonic: 'S'hort

be verbose with messages

mnemonic: 'v'erbose

be very verbose with messages (implies ""-v"")

mnemonic: 'V'ery verbose

"-I" expr
eval expression initially, before flow processing

practically useless without "-e"

mnemonic: 'I'nitial expression

"-E" expr
eval expression after flow processing is complete

practically useless without "-e"

mnemonic: 'E'ND expression

"-B" file
Load the specified BGP dump file using Net::ParseRouteTable.

In your optional expression, you can now refer to these variables:


which will cause a lookup. Their values are undefined if the lookup fails.

mnemonic: 'B'GP dump file

"-p" prefix_mappings_file
read file containing IPv4 prefix mappings in this format (one per line): ->

When specifying this option, you can, and should at some point, call the ENCODE
subroutine in your expressions to have it encode the IP address flowvars such as
$Cflow::exporter, $Cflow::srcaddr, $Cflow::dstaddr, and $Cflow::nexthop.

mnemonic: 'p'refixes


Print all flows, in a multi-line format, to a pager:

$ flowdumper -a flows.* |less

Print all the UDP flows to another file using the raw binary flow format:

$ flowdumper -re '17 == $protocol' flows.current > udp_flows.current

Print all TCP flows which have the SYN bit set in the TCP flags:

$ flowdumper -se '6 == $protocol && ($TH_SYN & $tcp_flags)' flows.*

Print the first 10 flows to another file using the raw binary flow format:

$ flowdumper -I '$n = 10' -re '$n-- or exit' flows.*0 > head.cflow

Print all flows with the start and end time using a two-line format:

$ flowdumper -se 'print scalar(localtime($startime)), "\n"' flows.*

Print all flows with the specified source address using a short, single-line format:

$ flowdumper -se '"" eq $srcip' flows.*

Do the same thing in a quicker, but less obvious, way:

$ flowdumper -I '
use Socket;
$addr = unpack("N", Socket::inet_aton(""));
' -se '$addr == $srcaddr' flows.*

(This latter method runs quicker because inet_aton(3) is only called once, instead of once
per flow.)

Print all flows with a source address within the specifed network/subnet:

$ flowdumper \
-I 'use Socket;
$mask = unpack("N", Socket::inet_aton(""));
$width = 16' \
-se '$mask == ((0xffffffff << (32-$width)) & $srcaddr)' flows.*

Print all flows where either the source or the destination address, but not both, is
within the specified set of networks or subnets:

$ flowdumper \
-I 'use Net::Patricia;
$pt = Net::Patricia->new;
map { $pt->add_string($_, 1) } qw( )' \
-se '1 == ($pt->match_integer($srcaddr) +
$pt->match_integer($dstaddr))' flows.*

Count the total number of "talkers" (unique source host addresses) by piping them to
sort(1) and wc(1) to count them:

$ flowdumper \
-I 'use Net::Patricia;
$pt = Net::Patricia->new;
map { $pt->add_string($_, 1) } qw( )' \
-ne '$pt->match_integer($srcaddr) and print "$srcip\n"' flows.* \
|sort -u |wc -l

Count the total number of "talkers" (unique source host addresses) that are within a the
specified networks or subnets:

$ flowdumper \
-I 'use Net::Patricia;
$pt = new Net::Patricia;
map { $pt->add_string($_, 1) } qw( );
$talkers = new Net::Patricia' \
-ne '$pt->match_integer($srcaddr) &&
($talkers->match_integer($srcaddr) or
$talkers->add_string($srcip, 1))' \
-E 'printf("%d\n", $talkers->climb( sub { 1 } ))' flows.*

(For large numbers of flows, this latter method is quicker because it populates a
Net::Patricia trie with the unique addresses and counts the resulting nodes rather than
having to print them to standard output and then having to sort them to determine how many
are unique.)

Select the TCP flows and "ENCODE" the IP addresses according to the prefix encodings
specified in "prefix_encodings.txt":

$ flowdumper -p prefix_encodings.txt -se '6 == $protocol && ENCODE'

Produce a new raw flow file with the IP addresses ENCODEd according to the prefix
encodings specified in "prefix_encodings.txt":

$ flowdumper -p prefix_encodings.txt -Re 'ENCODE' flows > flows.enc

Produce a set of raw flow files that have the $src_as and $dst_as origin AS values filled
in based upon a lookup in externally-specified routing table (in the file "router.bgp")
and have the IP address info replaces with zeroes (for anonymity):

$ ssh router "show route protocol bgp terse" > router.bgp # Juniper

$ flowdumper \
-B router.bgp \
-e '$src_as = $src_origin_as,
$dst_as = $dst_origin_as,
(($exporter = 0),
($srcaddr = 0),
($src_mask = 0),
($dstaddr = 0),
($dst_mask = 0),
($nexthop = 0), 1)' \
-R \
-o /tmp/%s.cflow_enc \


This utility was inspired by Daniel McRobb's flowdump utility which is supplied with
cflowd. flowdumper was originally written as merely a sample of what can be done with the
Cflow perl module, but has since been developed into a more complete tool.

Use flowdumperp online using onworks.net services

Free Servers & Workstations

Download Windows & Linux apps

  • 1
    Phaser is a fast, free, and fun open
    source HTML5 game framework that offers
    WebGL and Canvas rendering across
    desktop and mobile web browsers. Games
    can be co...
    Download Phaser
  • 2
    VASSAL Engine
    VASSAL Engine
    VASSAL is a game engine for creating
    electronic versions of traditional board
    and card games. It provides support for
    game piece rendering and interaction,
    Download VASSAL Engine
  • 3
    OpenPDF - Fork of iText
    OpenPDF - Fork of iText
    OpenPDF is a Java library for creating
    and editing PDF files with a LGPL and
    MPL open source license. OpenPDF is the
    LGPL/MPL open source successor of iText,
    Download OpenPDF - Fork of iText
  • 4
    Toolbox for Java/JTOpen
    Toolbox for Java/JTOpen
    The IBM Toolbox for Java / JTOpen is a
    library of Java classes supporting the
    client/server and internet programming
    models to a system running OS/400,
    i5/OS, o...
    Download Toolbox for Java/JTOpen
  • 5
    D3.js (or D3 for Data-Driven Documents)
    is a JavaScript library that allows you
    to produce dynamic, interactive data
    visualizations in web browsers. With D3
    Download D3.js
  • 6
    A fast tunnel proxy that helps you
    bypass firewalls This is an application
    that can also be fetched from
    It ha...
    Download Shadowsocks
  • 7
    GLPI Themes
    GLPI Themes
    Download release at
    Color themes for GLPI 0.84 and 0.85 New
    Modifications for GLPI This is an
    application that c...
    Download GLPI Themes
  • More »

Linux commands