Netflow v9 ipv6

Carter Bullard carter at qosient.com
Thu Apr 2 15:39:14 EDT 2015


Gentle people,
I think I have a fix for netflow v9 ipv6 import. If you could test the mods, replace your clients ./common/argus_import.c with the included one, recompile, that then check out ra.1 to see if you can now read some IPv6 Netflow v9 data, that would be great !!!

Thanks,

Carter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus_import.c
Type: application/octet-stream
Size: 172114 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150402/f8d8468a/attachment.obj>
-------------- next part --------------


> On Apr 1, 2015, at 1:57 PM, Eric Camirand <techr at nexweb.ca> wrote:
> 
> Hello Carter,
> 
> I have sent you some pcap files regarding my issue back in december but i think your spam filter is dropping my emails. How should i send those to you ?
> 
> Thanks !
> 
> Eric
> 
>> On Dec 10, 2014, at 1:04 PM, Carter Bullard <carter at qosient.com> wrote:
>> 
>> Hey Eric,
>> The netflow v9 should work.  Seems like we’re close with yours.  I don’t have access to v9 data,
>> if you can capture some packets and share, I’ll try to fix it.
>> 
>> Carter
>> 
>>> On Dec 10, 2014, at 11:35 AM, Eric Camirand <techr at nexweb.ca> wrote:
>>> 
>>> Hello,
>>> 
>>> What is the status of netflow v9 ipv6 support in 3.0.8 ?
>>> I would like to read v9 flows from nfdump or nprobe but ipv6 flows are not
>>> decoded correctly.
>>> 
>>> Ex: ra -S cisco://127.0.0.1:9996 ->
>>> 14:46:23.869000 N ospf 0.0.0.0 -> 0.0.0.0 1 84 REQ
>>> 14:47:53.000000 N ipv6-* 0.0.0.0 -> 0.0.0.0 1 72 REQ
>>> 14:47:29.889000 N vrrp 0.0.0.0 -> 0.0.0.0 1 76 REQ
>>> 14:50:03.878000 N tcp 0.0.0.0.44944 ?> 0.0.0.0.bgp 1 99 INT
>>> 
>>> Thanks!
>>> 
>>> 
>>> Eric
>> 
> 
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150402/f8d8468a/attachment.bin>


More information about the argus mailing list