[netsa-tools-discuss] Multi-protocol support in fixbuf using same listener

Poole, Ruth J. Poole.Ruth at mayo.edu
Fri Jul 17 08:07:39 EDT 2015


Yes, that would work.  If we had a newer kernel with the tee support in iptables, we would have done it that way.

Ruth Poole
Phone: 507-284-0456
Email: poole.ruth at mayo.edu

From: Chris Inacio <inacio at cert.org>
Date: 2015, Thursday, July 16, at 17:43
To: "Poole, Ruth J." <poole.ruth at mayo.edu>
Cc: "netsa-tools-discuss at cert.org" <netsa-tools-discuss at cert.org>
Subject: Re: [netsa-tools-discuss] Multi-protocol support in fixbuf using same listener

(Ruth (all) sorry about the duplicate mail.)

If we created a small shim process that listened on 1 port and then forwarded different streams to various ports on localhost via a small config file, would that help?  Would that be acceptable?


--
Chris Inacio
Technical Director / Engineering & Operations
CERT / Software Engineering Institute
Carnegie Mellon University
Office: 412 268-3098
Cell: 412 726-7522
Sent from my iPhone

On Jul 14, 2015, at 2:25 PM, Poole, Ruth J. <Poole.Ruth at mayo.edu> wrote:


> Unfortunately, you are correct that it is not currently possible to receive the different flow protocols on the same receiving port.  You are actually the first person to request this functionality.

Let me be the second to officially request this functionality.  We are receiving v9, ipfix, and v5 (though hopefully v5 only temporarily), on the same port.

Ruth Poole
Phone: 507-284-0456
Email: poole.ruth at mayo.edu
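
The shim proposed in this thread, sketched as an added example (not code from fixbuf or from either poster): NetFlow v5, NetFlow v9 and IPFIX all begin with a 16-bit big-endian version field (5, 9 and 10), so a single UDP listener can route each datagram by that field. UDP transport, the listening port 2055 and the localhost collector ports are assumptions.

```python
import socket
import struct

# Minimum header size per export version: NetFlow v5, NetFlow v9, IPFIX.
HEADER_LEN = {5: 24, 9: 20, 10: 16}
# Assumed localhost collector ports (hypothetical values, one per protocol).
ROUTES = {5: 9905, 9: 9909, 10: 9910}

def flow_version(datagram):
    """Return 5, 9 or 10 from the leading 16-bit version field, else None."""
    if len(datagram) < 2:
        return None
    (version,) = struct.unpack_from("!H", datagram)
    if len(datagram) < HEADER_LEN.get(version, 1 << 16):
        return None  # unknown version or truncated header
    return version

class Shim:
    def __init__(self, listen_addr, routes=ROUTES):
        self.routes = routes
        self.rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.rx.bind(listen_addr)
        self.tx = {}       # exporter address -> outbound socket
        self.dropped = 0   # datagrams that matched no route

    def _tx_socket(self, exporter):
        # One outbound socket (distinct source port) per exporter, so a
        # collector that keys v9/IPFIX template state on the sender's
        # address does not merge templates from different exporters.
        if exporter not in self.tx:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind(("127.0.0.1", 0))
            self.tx[exporter] = s
        return self.tx[exporter]

    def handle_one(self):
        """Receive one datagram, forward it, return its version (or None)."""
        data, exporter = self.rx.recvfrom(65535)
        version = flow_version(data)
        if version not in self.routes:
            self.dropped += 1
            return None
        dest = ("127.0.0.1", self.routes[version])
        self._tx_socket(exporter).sendto(data, dest)
        return version

if __name__ == "__main__":
    shim = Shim(("0.0.0.0", 2055))  # assumed shared listening port
    while True:
        shim.handle_one()
```

Collectors behind the shim see 127.0.0.1 as the sender rather than the exporter's real address, so any per-exporter attribution has to come from the records themselves or from the source-port mapping the shim holds.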