
I want to get a packet capture from a Fortinet/FortiGate device, to capture all traffic on one of its interfaces. For that I have enabled sFlow and sent it to another ntopng server. On ntopng I am able to see the sFlow data, but is there any way I can convert/dump this data to pcap format? I need the data in pcap to analyze it.

I am able to export data to JSON, but can we convert sFlow to pcap?

Farhan

1 Answer


Found the solution: using sflowtool, we can convert any type of tcpdump data to sFlow, and sFlow data to tcpdump or even NetFlow.

Farhan
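
What an sFlow-to-pcap conversion involves, as an added Python example that is not part of the original answer and not sflowtool's code: it pulls the raw packet header records out of sFlow v5 flow samples and writes them as pcap records. The function names, the constructed datagram and the output filename are assumptions, and the result holds only the sampled, truncated headers that sFlow carries, not every packet.

```python
import struct

RAW_HEADER, ETHERNET = 1, 1  # sFlow v5: flow record format 1, header_protocol 1

def sflow_to_pcap(datagrams, snaplen=65535):
    """Return pcap bytes with the sampled Ethernet headers from well-formed sFlow v5 datagrams."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]  # linktype 1 = Ethernet
    for ts, dgram in datagrams:                      # ts = receive time in seconds (float)
        version, addr_type = struct.unpack_from(">II", dgram, 0)
        if version != 5:
            continue
        off = 8 + (4 if addr_type == 1 else 16)      # skip IPv4 or IPv6 agent address
        nsamples = struct.unpack_from(">I", dgram, off + 12)[0]  # after sub-agent, seq, uptime
        off += 16
        for _ in range(nsamples):
            tag, length = struct.unpack_from(">II", dgram, off)
            body, off = dgram[off + 8: off + 8 + length], off + 8 + length
            fmt = tag & 0xFFF
            if tag >> 12 != 0 or fmt not in (1, 3):  # keep flow and expanded flow samples only
                continue
            pos = 32 if fmt == 1 else 44             # offset of the first flow record
            nrecords = struct.unpack_from(">I", body, pos - 4)[0]
            for _ in range(nrecords):
                rtag, rlen = struct.unpack_from(">II", body, pos)
                rec, pos = body[pos + 8: pos + 8 + rlen], pos + 8 + rlen
                if rtag != RAW_HEADER:
                    continue
                proto, frame_len, _stripped, hdr_len = struct.unpack_from(">IIII", rec, 0)
                if proto != ETHERNET:
                    continue
                hdr = rec[16:16 + hdr_len]           # drops the XDR padding after the header
                out.append(struct.pack("<IIII", int(ts), int(ts % 1 * 1e6), len(hdr), frame_len) + hdr)
    return b"".join(out)

def constructed_datagram():
    """Constructed sample input: one sFlow v5 datagram, one flow sample, one 62-byte header."""
    hdr = bytes.fromhex("ffffffffffff0200000000010800") + bytes(48)
    rec = struct.pack(">IIII", ETHERNET, 1514, 4, len(hdr)) + hdr + bytes(-len(hdr) % 4)
    records = struct.pack(">II", RAW_HEADER, len(rec)) + rec
    sample = struct.pack(">IIIIIIII", 1, 3, 512, 512, 0, 3, 4, 1) + records
    return (struct.pack(">II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 1)
            + struct.pack(">II", 1, len(sample)) + sample)

if __name__ == "__main__":
    with open("sflow_samples.pcap", "wb") as f:      # hypothetical output filename
        f.write(sflow_to_pcap([(1700000000.25, constructed_datagram())]))
```

sflowtool's `-t` option produces tcpdump-format output of the same sampled headers.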