[netsa-tools-discuss] Netflow v7

John Green John.Green at ja.net
Thu Aug 28 13:29:30 EDT 2014


On Thu, 2014-08-28 at 11:58 -0400, Michael Welsh Duggan wrote:
>  I've briefly looked at the format and
> code, and can make the following suggestions based on the SiLK 3.8.3
> sources.

Hi Michael,

Thanks for the suggestions.

I have it sort of working based on your suggestions.  I left the
structures and defines alone (my frames are 1470, which I think brings
my "V7PDU_LEN" down to below the existing V5PDU_LEN).  I need to keep
support for v5 from the same exporter.

In 1) added support for version==7

In 2) octets 20-23 are reserved and should be zero, so I didn't touch
this code.

In 3) Wireshark refers to byte 36 and 46-47 as "padding" and they seem to
always be 0x00 in the samples I have.   I suspect they can be ignored.

I also needed to add some additional code around line 751 to account for
the larger v7 record sizes as I didn't change the structures.  I have no
interest in the additional router_sc field so just need to skip it.

I'll do some further testing.

Thanks
John
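
The record-size handling described in this message, as an added example that is not part of the original post and not SiLK code: a collector walks a v5 or v7 PDU with a per-version record stride and validates the on-wire record count against the bytes actually received. The function names are hypothetical; the 48- and 52-byte record lengths, dOctets at record offset 20 and router_sc at offset 48 are assumptions taken from the published NetFlow v5/v7 export layouts, not from the message.

```c
#include <stdint.h>
#include <string.h>

#define NF_HDR_LEN  24   /* v5 and v7 headers are both 24 bytes */
#define NF5_REC_LEN 48
#define NF7_REC_LEN 52   /* v5 fields plus the trailing 4-byte router_sc */
#define NF_MAX_RECS 30   /* bound for the constructed sample buffer */
static uint8_t sample[NF_HDR_LEN + NF_MAX_RECS * NF7_REC_LEN];

/* Sum dOctets over every record of a v5 or v7 PDU; -1 if malformed. */
long long nf_sum_octets(const uint8_t *buf, size_t len)
{
    size_t stride, count, i;
    long long total = 0;
    if (len < NF_HDR_LEN) return -1;
    count = ((size_t)buf[2] << 8) | buf[3];
    switch ((buf[0] << 8) | buf[1]) {          /* version, network order */
    case 5:  stride = NF5_REC_LEN; break;
    case 7:  stride = NF7_REC_LEN; break;
    default: return -1;
    }
    /* count comes off the wire: check it against the bytes received */
    if (count == 0 || count > (len - NF_HDR_LEN) / stride) return -1;
    for (i = 0; i < count; i++) {
        const uint8_t *r = buf + NF_HDR_LEN + i * stride;
        /* router_sc (v7 offset 48) is stepped over by the stride, never read */
        total += ((long long)r[20] << 24) | (r[21] << 16) | (r[22] << 8) | r[23];
    }
    return total;
}

/* Constructed sample: record i gets dOctets = 100 * (i + 1). */
size_t nf_sample(unsigned version, size_t count)
{
    size_t stride = (version == 7) ? NF7_REC_LEN : NF5_REC_LEN, i;
    if (count > NF_MAX_RECS) count = NF_MAX_RECS;
    memset(sample, 0, sizeof sample);
    sample[1] = (uint8_t)version; sample[3] = (uint8_t)count;
    for (i = 0; i < count; i++) {
        uint8_t *r = sample + NF_HDR_LEN + i * stride;
        r[22] = (uint8_t)((100 * (i + 1)) >> 8); r[23] = (uint8_t)(100 * (i + 1));
        if (version == 7) memset(r + 48, 0xFF, 4);   /* router_sc noise */
    }
    return NF_HDR_LEN + count * stride;
}

int main(void)
{
    return nf_sum_octets(sample, nf_sample(7, 3)) == 600 ? 0 : 1;
}
```

With these lengths a full v7 PDU (27 records) is 1428 bytes and a full v5 PDU (30 records) is 1464 bytes, which is why a v7 datagram fits in a buffer sized for v5.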