This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packets generate

0

Hi Guys,

I have a requirement from a customer.

They have several network elements which can't send out Netflow packets, but the traffic monitoring tool in their network wants to fetch Netflow packets for analysis. So they are searching for a tool to capture the original packets from a switch mirror port and then convert them to Netflow format packets.

The main idea is as below:
Step 1, the tool receives the original packets from the switch mirror port;
Step 2, the tool reads the original packets and writes the packet header information to a txt file in Netflow format;
Step 3, the tool generates Netflow format packets based on the above txt file and sends them out to the traffic monitoring tool.

I am thinking about the above method but am NOT sure if it is feasible. I hope to get some advice/suggestions from you.

Looking forward to your response.

Thanks a lot.

Regards, Sam

asked 13 Oct '14, 22:09

Sam


2 Answers:

0

I don't think Wireshark or tshark are much help here, unless you want to spend a lot of effort on steps 2 and 3, which you'd need to build yourself.

If they really want to do what you say they should look for Netflow probes, e.g. nProbe or other "capture packets and send results as Netflow" solutions. I have tested commercial solutions like FlowMon Probe myself, and they work as they should (but some cost money, of course :-))

answered 14 Oct '14, 01:08

Jasper ♦♦

Thanks for your advice, Jasper. I am going to try FlowMon and will get back to you.

(19 Oct '14, 07:51) Sam

0

Could this be of help?

answered 14 Oct '14, 01:18

Jaap ♦

softflowd is a nice and useful tool. Softflowd can capture the original packets, analyze them and then output the Netflow records. But how do I send the Netflow records out to another tool which is used to analyze Netflow packets? By the way, what does the command 'softflowctl send-template' mean? Where can I see the result once the 'template' has been sent out?

(19 Oct '14, 07:55) Sam
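
Steps 2 and 3 of the question, as an added example that is not part of the original thread or of any tool named in it: per-packet header fields are aggregated into flows and encoded as one NetFlow v5 export datagram (v5 has a fixed record layout, so no templates are involved). The sample packets, the timestamps in milliseconds of exporter uptime, and the collector address 127.0.0.1:2055 are assumptions.

```python
import socket
import struct
from collections import OrderedDict

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def aggregate(packets):
    """Step 2: fold per-packet header fields into unidirectional flows (5-tuple key)."""
    flows = OrderedDict()
    for ts_ms, src, dst, sport, dport, proto, length, flags in packets:
        f = flows.setdefault((src, dst, sport, dport, proto),
                             {"pkts": 0, "bytes": 0, "first": ts_ms,
                              "last": ts_ms, "flags": 0})
        f["pkts"] += 1
        f["bytes"] += length
        f["last"] = max(f["last"], ts_ms)
        f["flags"] |= flags          # cumulative OR of TCP flags seen
    return flows

def build_v5(flows, uptime_ms, unix_secs, seq=0):
    """Step 3: encode up to 30 flows (the v5 per-datagram limit) as one datagram."""
    items = list(flows.items())[:30]
    out = V5_HEADER.pack(5, len(items), uptime_ms, unix_secs, 0, seq, 0, 0, 0)
    for (src, dst, sport, dport, proto), f in items:
        out += V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst),
            socket.inet_aton("0.0.0.0"),           # next hop unknown to a probe
            0, 0,                                  # input/output ifIndex unknown
            f["pkts"], f["bytes"], f["first"], f["last"],
            sport, dport, 0, f["flags"], proto, 0,  # pad1, flags, proto, ToS
            0, 0, 0, 0, 0)                         # AS numbers, masks, pad2
    return out

# Constructed sample: (uptime ms, src, dst, sport, dport, proto, bytes, tcp flags)
SAMPLE = [
    (1000, "192.0.2.10", "198.51.100.5", 51000, 443, 6, 60, 0x02),
    (1040, "192.0.2.10", "198.51.100.5", 51000, 443, 6, 52, 0x10),
    (1100, "192.0.2.11", "198.51.100.53", 40000, 53, 17, 74, 0x00),
]

if __name__ == "__main__":
    datagram = build_v5(aggregate(SAMPLE), uptime_ms=5000, unix_secs=1413238140)
    # Assumed collector address; NetFlow export is plain UDP.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, ("127.0.0.1", 2055))
    print(len(datagram), "bytes sent")
```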