Thanks, no, I don't need a sample packet any more. Lynwood was good
enough to send me one a few days ago. Turns out that the fields I
was worrying about are all zero. I did have the 'seq' header field
incrementing incorrectly, but that's fixed. Reverse-engineering
software is one of the things I'm paid to do, so I had the tools
needed for this job right at hand.
Because I couldn't get the (essentially proprietary) collector disk
formats, I gave up on writing the storage disk files directly from
the router process, and went to the overhead of generating, sending,
and collecting the netflow v5 packets.
I'm now sending data that is compatible with the 'flow-tools' collector,
so it's likely that any of the other capture and analysis tools would
be happy with the packets I'm generating (and sending to the collector
over the loopback interface). I'll give some of them a try.
So thanks for the offer, but I think it's a solved problem already.
- Brian
On Thu, May 25, 2017 at 09:30:26AM +0200, Borja Marcos wrote:
Being late to the party. Let me know if you still need
it. I can send you samples of Mikrotik and
Juniper Netflow packets.
Anyway expect some chaos regarding Netflow. Originally it was just a Cisco thing and
manufacturers and programmers make their own decisions, sometimes quite surprising.
Borja.
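
In the NetFlow v5 header, flow_sequence counts the flows exported before the datagram, so it advances by the header's count field rather than by one per packet, and a collector can use it to count lost flows. The sketch below is an added example, not code from this thread: the names V5Exporter, parse_header and lost_flows are hypothetical, the flows are constructed, and in-order delivery (as over loopback) is assumed.

```python
import socket
import struct

# NetFlow v5 wire layout: 24-byte header, then 1..30 records of 48 bytes.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MASK = 0xFFFFFFFF  # flow_sequence is a 32-bit counter and wraps

class V5Exporter:
    """Hypothetical exporter that tracks the running flow count."""
    def __init__(self):
        self.flows_sent = 0

    def build(self, flows, uptime_ms=60000, unix_secs=1495700000):
        # flows: (src, dst, sport, dport, proto, packets, octets) tuples
        if not 1 <= len(flows) <= 30:
            raise ValueError("a v5 datagram carries 1 to 30 records")
        body = b"".join(
            RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                        b"\0" * 4, 0, 0, pkts, octets, 0, uptime_ms,
                        sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
            for src, dst, sport, dport, proto, pkts, octets in flows)
        header = HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0,
                             self.flows_sent & MASK, 0, 0, 0)
        self.flows_sent += len(flows)  # advance by flows, not by datagrams
        return header + body

def parse_header(datagram):
    """Return (flow_sequence, count) after checking version and length."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count, _, _, _, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("not a well-formed v5 datagram")
    return seq, count

def lost_flows(datagrams):
    """Collector-side check: sum the gaps between expected and seen sequence."""
    expected, lost = None, 0
    for d in datagrams:
        seq, count = parse_header(d)
        if expected is not None:
            lost += (seq - expected) & MASK
        expected = (seq + count) & MASK
    return lost

# Constructed sample flows using documentation address ranges.
SAMPLE = [("192.0.2.1", "198.51.100.7", 40000 + i, 443, 6, 10, 1500)
          for i in range(6)]
```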