BLOG     |     FORUM
Welcome, Guest
Username: Password: Remember me
All your questions answered real quick by Unleash Networks Engineers.
  • Page:
  • 1

TOPIC: Simulating netflow packets in .cap file

Simulating netflow packets in .cap file 14 years 4 months ago #248

Hi,

I am unable to simulate netflow packets that are stored in .cap extension files.

I use the below command to simulate netflow packets:
./pcap2flow /home/test/pcap2flow-0.1/NetFlow_Cisco_ASA.cap 192.168.111.177 2055 -ports 2055 -gaus 2000

I read the below document to simulate live netflow packets from a .pcap extension file:
www.unleashnetworks.com/open-source/pcap2netflow.html

Is there any fix or alternative solution available to simulate netflow from .cap files?

Thanks
Nathan
The administrator has disabled public write access.

Re: Simulating netflow packets in .cap file 14 years 4 months ago #249

I think it should be -gapus instead of -gaus


Note that your capture file should already contain netflow packets. This tool is not like softflowd, which can construct netflow packets from the wire.
Vivek R
Unleash Networks
Support : www.unleashnetworks.com/forums
The administrator has disabled public write access.

Re: Simulating netflow packets in .cap file 14 years 4 months ago #250

Hi Vivek,

Thanks for pointing out, i just overlooked.

Parameter -gapus deals with the flow rate at which the flow should be exported.

Anyway, still I'm unable to simulate V9 flow from .cap file that already has V9 packets.

I even tried softflowd, which generates V9 packets similar to Cisco routers. But my requirement is to simulate V9 packets similar to Cisco ASA 5500 firewall(NSEL logs). The file I'm using to simulate using pcaptoflow has NSEL logs in it.

More info on Cisco ASA netflow is as below:
www.cisco.com/en/US/docs/security/asa/as...netflow/netflow.html

Any idea will be greatly appreciated.

Thanks
Nathan
The administrator has disabled public write access.
  • Page:
  • 1
Moderators: vivek [unleash]
Time to create page: 0.028 seconds