I have a pcap file of size 1.4 GB. I am trying to convert this file to nfcapd. But I cannot convert it.
First of all, I typed
nfcapd -p 12345 -l ./
Then the computer creates some nfcapd file continuously. I tried it 2 days ago and the computer keeps creating nfcapd file until today. Then I stopped the process. Then I tried
softflowd -n localhost:12345 -r myFile.pcap
Then the terminal gives an error
Unsupported data link type 104
Do you have any idea to convert this to nfcapd through terminal?
I am using Debian Linux 64 bit OS.
You could have nfcapd read the pcap file directly and save it as you specify in your config (Netflow v5 or v9. IPFIX support is currently only experimental).
According to the man page of nfcapd:
-f <pcap_file>
Read netflow packets from a give pcap_file instead of the network. This requires nfcapd to be compiled with the pcap option and is intended for debugging only.
In case you have installed nfdump through a packet repository, the chance is high that it is not compiled with the required --enable-readpcap flag (which is default off).
Try and download the source from here and compile it yourself.