[netsa-tools-discuss] Can Juniper's j-flow(s) be used with Silk?
Evgeniy Sudyr
eject.in.ua at gmail.com
Thu Mar 10 12:50:29 EST 2016
Mark,
I checked and it worked just fine for me with default settings for
sensor.conf:
probe S1 netflow-v9
    listen-on-port 18002
    protocol udp
end probe

sensor S1
    netflow-v9-probes S1
    internal-ipblocks 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    external-ipblocks remainder
end sensor

Here is the NetFlow traffic dump from the host where I collected flows
(incl. flow templates):
https://www.dropbox.com/s/8qzzac8sfry2etg/dump3.pcap.gz?dl=0
Juniper J2350
FW: 12.1X46-D40.2 (recommended by Juniper)

$ rwfileinfo inweb/2016/03/10/iw-S1_20160310.17
inweb/2016/03/10/iw-S1_20160310.17:
  format(id)          FT_RWIPV6(0x0b)
  version             16
  byte-order          littleEndian
  compression(id)     lzo1x(2)
  header-length       68
  record-length       68
  record-version      1
  silk-version        3.11.0
  count-records       42
  file-size           973
  packed-file-info    2016/03/10T17:00:00Z iw S1

I will be glad to help you if something needs to be checked with J-Flow or
if you notice something interesting in the dumps.

Thank you all again for the great toolkit!

On Wed, Mar 9, 2016 at 4:01 PM, Mark Thomas <mthomas at cert.org> wrote:
>
> Evgeniy-
>
> Thank you for your offer.
>
> A pcap file generated by tcpdump would be most helpful and very
> appreciated.
>
> Thanks again!
>
> -Mark
>
>
> On Wed, 9 Mar 2016 13:10:48 +0100, Evgeniy Sudyr wrote:
>
> > Mark, thank you for answering!
> >
> > I can help with testing by submitting a dump of flow traffic from the
> > devices I have?
> >
> > Please suggest what the best format / tools would be to provide flows. Is a
> > .pcap from tcpdump OK?
> >
> > ---
> > Evgeniy
> >
> > On Tue, Mar 8, 2016 at 5:01 PM, Mark Thomas <mthomas at cert.org> wrote:
> >> Evgeniy-
> >>
> >> We know that J-Flow v9 is based on RFC 3954 (NetFlow v9), but we do
> >> not have samples of J-Flow that we can use to test our tools.
> >>
> >> You may be able to collect traffic by configuring the probe's type
> >> as "netflow-v9". Depending on the templates used by J-Flow, it is
> >> possible that rwflowpack will be able to see the flow records but it
> >> may not store them.
> >>
> >> -Mark
> >>
> >>
> >> -----Original Message-----
> >> From: Evgeniy Sudyr <eject.in.ua at gmail.com>
> >> Date: Mon, 7 Mar 2016 16:18:55 +0100
> >> To: <netsa-help at cert.org>
> >> Cc: <netsa-tools-discuss at cert.org>
> >> Subject: [netsa-tools-discuss] Can Juniper's j-flow(s) be used with Silk?
> >>
> >> Hi, I can't tell from the FAQ whether it's possible to get flow data from
> >> Juniper J-series routers for Silk analysis?
> >>
> >> http://tools.netsa.cert.org/silk/faq.html
> >>
> >> We have a J-series router with 12.1X46-D40.2 (no IPFIX support)
> >>
> >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB16677&actp=search
> >>
> >> --
> >> --
> >> With regards,
> >> Evgeniy
--
--
With regards,
Eugene Sudyr
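
Added example, not part of the original thread and not SiLK code: since the thread notes that storage depends on the templates the exporter sends, this Python sketch decodes the Template FlowSets of one NetFlow v9 (RFC 3954) UDP payload and lists which fields each template exports. The `ASSUMED_CORE` field set, the function names and the sample packet are assumptions constructed for illustration; they are not SiLK's actual requirements.

```python
import struct
# Field type numbers and names from RFC 3954, section 8.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               21: "LAST_SWITCHED", 22: "FIRST_SWITCHED"}
# Assumption for this example only: fields a collector would want for a basic
# IPv4 flow record. NOT taken from SiLK's documentation.
ASSUMED_CORE = {1, 2, 4, 7, 8, 11, 12, 21, 22}

def parse_templates(payload):
    """Return {template_id: [(field_type, length), ...]} from one v9 UDP payload."""
    if len(payload) < 20 or struct.unpack_from("!H", payload)[0] != 9:
        raise ValueError("not a NetFlow v9 packet (20-byte header, version 9)")
    templates, off = {}, 20
    while off + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError("bad FlowSet length at offset %d" % off)
        if flowset_id == 0:  # Template FlowSet; data FlowSets use ids > 255
            pos, end = off + 4, off + length
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", payload, pos)
                pos += 4
                if pos + 4 * nfields > end:
                    raise ValueError("template %d overruns its FlowSet" % tid)
                templates[tid] = [struct.unpack_from("!HH", payload, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        off += length
    return templates

def missing_core(fields):
    """Names of ASSUMED_CORE fields that a template does not export."""
    present = {ftype for ftype, _ in fields}
    return sorted(FIELD_NAMES[t] for t in ASSUMED_CORE - present)

def build_sample():
    """Constructed packet: header + one template (id 256) lacking timestamps."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    record = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", t, l) for t, l in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    header = struct.pack("!HHIIII", 9, 1, 1000, 1457632229, 1, 0)
    return header + flowset

if __name__ == "__main__":
    for tid, fields in parse_templates(build_sample()).items():
        print(tid, [FIELD_NAMES.get(t, t) for t, _ in fields], missing_core(fields))
```

The input is the UDP payload of a single export datagram, so a capture file has to be split into datagrams before calling `parse_templates`.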