Netflow v9 ipv6

Eric Camirand techr at nexweb.ca
Thu Apr 2 18:16:42 EDT 2015 

Carter,

Still seeing Ipv4 address in Ipv6 format and sometime the source port is missing.

10:35:53.768000 N tcp 53a4:7dce::ff:ffff ?> 6b46:ab51::fe:ffff.24580 1 1500   INT

Thanks !

Eric

> On Apr 2, 2015, at 4:53 PM, Carter Bullard <carter at qosient.com> wrote:
> 
> Hey Eric,
> With regard to the protocol and port numbers.  This new file should fix those.
> Sorry for the staged testing !!!!
> Carter
> 
> <argus_import.c>
> 
>> On Apr 2, 2015, at 4:44 PM, Carter Bullard <carter at qosient.com> wrote:
>> 
>> My bad !!!!  Found the problem.  Add this line:
>> 
>> thoth:common carter$ p4 diff ...
>> ==== //depot/argus/clients/common/argus_import.c#24 - /Volumes/Users/carter/argus/clients/common/argus_import.c ====
>> 1642a1643
>>>                 ArgusParsingIPv6 = 0;
>> 
>> 
>> Here is the complete file, with the fix.
>> Carter
>> 
>> <argus_import.c>
>>> On Apr 2, 2015, at 4:36 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>> 
>>> Hey Carter,
>>> 
>>> Ipv4 address appear as Ipv6. This entry should be ipv4 :
>>> 
>>> 10:36:17.584000 N ip 53a4:7dce:3c6a:ab* -> :: 1 1500   REQ
>>> 
>>> Ipv6 look ok.
>>> 
>>> 10:36:17.576000 N ip 2001:db8:1::220 -> 2602:ffea:1001:11* 1 1500   REQ
>>> 
>>> For both entry, protocol and port informations are lost.
>>> 
>>> 
>>> Eric
>>> 
>>> 
>>>> On Apr 2, 2015, at 3:56 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>> 
>>>> Carter,
>>>> 
>>>> Please replace k_CiscoV9IPV6SrcMask by k_CiscoV9IPv6SrcMask in your file.
>>>> 
>>>> I will get back to you soon with a test result.
>>>> 
>>>> Thanks,
>>>> 
>>>> 
>>>> Eric
>>>> 
>>>>> On Apr 2, 2015, at 3:39 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>> 
>>>>> Gentle people,
>>>>> I think I have a fix for netflow v9 ipv6 import. If you could test the mods, replace your clients ./common/argus_import.c with the included one, recompile, that then check out ra.1 to see if you can now read some IPv6 Netflow v9 data, that would be great !!!
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Carter
>>>>> 
>>>>> <argus_import.c>
>>>>> 
>>> 
>>> 
>> 
>

More information about the argus mailing list