Netflow v9 ipv6

Carter Bullard carter at qosient.com
Fri Apr 10 16:35:23 EDT 2015


Hey Eric,
Thanks for the debug data !!!!    So how about this ./common/argus_import.c ??? 
Carter
 

> On Apr 9, 2015, at 2:16 PM, Carter Bullard <carter at qosient.com> wrote:
> 
> Hey Eric,
> Can I get a copy of the file that demonstrates the problem so I can fix it ???
> Carter
> 
> 
> 
> On Apr 9, 2015, at 12:08 PM, Eric Camirand <techr at nexweb.ca> wrote:
> 
>> Hello Carter,
>> 
>> I’m replaying netflow v9 from a file and feeding it to ra. How do you feed the pcap file to ra? With argus?
>> 
>> 
>> On Apr 9, 2015, at 10:49 AM, Carter Bullard <carter at qosient.com> wrote:
>> 
>> Hey Eric,
>> Is this coming from one of your pcap files ??  Do I have, or can I get that file ??
>> Carter
>> 
>> 
>> 
>> On Apr 9, 2015, at 12:12 AM, Eric Camirand <techr at nexweb.ca> wrote:
>> 
>>> Hello Carter,
>>> 
>>> ra output looks like this ->
>>> 
>>> argus-client-3.0.8 (with the new argus_import.c) :
>>> 10:34:33.576000 N tcp 98.137.204.89.256 ?> 192.168.100.162.50443 1 1492   INT
>>> 10:39:54.568000 N tcp 69.164.37.139 ?> 192.168.10.213.19350 1 1440   INT
>>> 10:39:23.560000 N tcp 192.168.100.221 ?> 66.87.83.69.27267 1 1500   INT
>>> 
>>> argus-client-3.0.8 :
>>> 10:34:33.576000 N tcp 98.137.204.89.https ?> 192.168.100.162.50443 1 1492   INT
>>> 10:39:54.568000 N tcp 69.164.37.139.http ?> 192.168.10.213.19350 1 1440   INT
>>> 10:39:23.560000 N tcp 192.168.100.221.http ?> 66.87.83.69.27267 1 1500   INT
>>> 
>>> Eric
>>> 
>>> 
>>>> On Apr 7, 2015, at 9:15 PM, Carter Bullard <carter at qosient.com> wrote:
>>>> 
>>>> Hey Eric,
>>>> Hmmmm, do you have any NetFlow data that demonstrates that ???
>>>> I don’t have any examples here that have missing ports.
>>>> Could you print out some output so I can see what you think is missing ???
>>>> 
>>>> Carter
>>>> 
>>>> 
>>>>> On Apr 7, 2015, at 2:14 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>>> 
>>>>> Hello Carter,
>>>>> 
>>>>> IPv4 addresses are OK now but some source ports are still missing.
>>>>> 
>>>>> 
>>>>> Eric
>>>>> 
>>>>>> On Apr 7, 2015, at 12:13 AM, Carter Bullard <carter at qosient.com> wrote:
>>>>>> 
>>>>>> Hey Eric,
>>>>>> Any luck on our attempt to fix Netflow v9 parsing of ipv6 flows ???
>>>>>> Carter
>>>>>> 
>>>>>>> On Apr 3, 2015, at 3:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>>>> 
>>>>>>> Hey Eric,
>>>>>>> Let's change k_CiscoV9IPv6SrcMask to k_CiscoV9IPV6SrcMask (for consistency), and try out this argus_output.c file.
>>>>>>> I’m getting good results with this attempt.
>>>>>>> Carter
>>>>>>> 
>>>>>>> <argus_import.c>
>>>>>>> 
>>>>>>>> On Apr 2, 2015, at 5:17 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Or for consistency, change include/argus/CflowdFlowPdu.h
>>>>>>>> 
>>>>>>>> 475c475
>>>>>>>> < #define k_CiscoV9IPv6SrcMask        29
>>>>>>>> ---
>>>>>>>>> #define k_CiscoV9IPV6SrcMask        29
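
Review bot: the uses of this macro have to be renamed together with the definition at line 475 of include/argus/CflowdFlowPdu.h, since any source file still spelling it k_CiscoV9IPv6SrcMask will stop compiling once the header only defines k_CiscoV9IPV6SrcMask. The two names differ by the case of one letter, so a tree-wide grep for both spellings before committing is worth the minute.
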
>>>>>>>> 
>>>>>>>> Thanks,
>>>>>>>> 
>>>>>>>> Eric
>>>>>>>> 
>>>>>>>>> On Apr 2, 2015, at 3:56 PM, Eric Camirand <techr at nexweb.ca> wrote:
>>>>>>>>> 
>>>>>>>>> Carter,
>>>>>>>>> 
>>>>>>>>> Please replace k_CiscoV9IPV6SrcMask by k_CiscoV9IPv6SrcMask in your file.
>>>>>>>>> 
>>>>>>>>> I will get back to you soon with a test result.
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Eric
>>>>>>>>> 
>>>>>>>>>> On Apr 2, 2015, at 3:39 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>>>>>>> 
>>>>>>>>>> Gentle people,
>>>>>>>>>> I think I have a fix for netflow v9 ipv6 import. If you could test the mods, replace your client's ./common/argus_import.c with the included one, recompile, and then check out ra.1 to see if you can now read some IPv6 Netflow v9 data, that would be great !!!
>>>>>>>>>> 
>>>>>>>>>> Thanks,
>>>>>>>>>> 
>>>>>>>>>> Carter
>>>>>>>>>> 
>>>>>>>>>> <argus_import.c>
>>>>>>>>>> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus_import.c
Type: application/octet-stream
Size: 171942 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150410/413d196e/attachment.obj>