Netflow v9 ipv6

Eric Camirand techr at nexweb.ca
Thu Apr 9 00:12:40 EDT 2015


Hello Carter,

ra output looks like this ->

argus-client-3.0.8 (with the new argus_import.c) :
10:34:33.576000 N tcp 98.137.204.89.256 ?> 192.168.100.162.50443 1 1492   INT
10:39:54.568000 N tcp 69.164.37.139 ?> 192.168.10.213.19350 1 1440   INT
10:39:23.560000 N tcp 192.168.100.221 ?> 66.87.83.69.27267 1 1500   INT

argus-client-3.0.8 :
10:34:33.576000 N tcp 98.137.204.89.https ?> 192.168.100.162.50443 1 1492   INT
10:39:54.568000 N tcp 69.164.37.139.http ?> 192.168.10.213.19350 1 1440   INT
10:39:23.560000 N tcp 192.168.100.221.http ?> 66.87.83.69.27267 1 1500   INT

Eric


> On Apr 7, 2015, at 9:15 PM, Carter Bullard <carter at qosient.com> wrote:
> 
> Hey Eric,
> Hmmmm, do you have any NetFlow data that demonstrates that ???
> I don’t have any examples here that have missing ports.
> Could you print out some output so I can see what you think is missing ???
> 
> Carter
> 
> 
>> On Apr 7, 2015, at 2:14 PM, Eric Camirand <techr at nexweb.ca> wrote:
>> 
>> Hello Carter,
>> 
>> IPv4 addresses are OK now but some source ports are still missing.
>> 
>> 
>> Eric
>> 
>>> On Apr 7, 2015, at 12:13 AM, Carter Bullard <carter at qosient.com> wrote:
>>> 
>>> Hey Eric,
>>> Any luck on our attempt to fix Netflow v9 parsing of ipv6 flows ???
>>> Carter
>>> 
>>>> On Apr 3, 2015, at 3:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>> 
>>>> Hey Eric,
>>>> Let's change k_CiscoV9IPv6SrcMask to k_CiscoV9IPV6SrcMask (for consistency), and try out this argus_output.c file.
>>>> I’m getting good results with this attempt.
>>>> Carter
>>>> 
>>>> <argus_import.c>
>>>> 
>>>>> On Apr 2, 2015, at 5:17 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>>> 
>>>>> 
>>>>> Or for consistency, change include/argus/CflowdFlowPdu.h
>>>>> 
>>>>> 475c475
>>>>> < #define k_CiscoV9IPv6SrcMask		29
>>>>> ---
>>>>>> #define k_CiscoV9IPV6SrcMask		29
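Review bot: the rename at line 475 of include/argus/CflowdFlowPdu.h touches only the #define, so any source file that still uses the old spelling k_CiscoV9IPv6SrcMask will stop compiling once this is applied. Search the tree for the old name and update those references in the same change, so that the header and argus_import.c agree on a single spelling.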
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Eric
>>>>> 
>>>>>> On Apr 2, 2015, at 3:56 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>>>> 
>>>>>> Carter,
>>>>>> 
>>>>>> Please replace k_CiscoV9IPV6SrcMask by k_CiscoV9IPv6SrcMask in your file.
>>>>>> 
>>>>>> I will get back to you soon with a test result.
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> 
>>>>>> Eric
>>>>>> 
>>>>>>> On Apr 2, 2015, at 3:39 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>>>> 
>>>>>>> Gentle people,
>>>>>>> I think I have a fix for netflow v9 ipv6 import. If you could test the mods, replace your client's ./common/argus_import.c with the included one, recompile, and then check out ra.1 to see if you can now read some IPv6 Netflow v9 data, that would be great !!!
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>> Carter
>>>>>>> 
>>>>>>> <argus_import.c>
>>>>>>> 