Answer the question
In order to leave comments, you need to log in
J
J
jajabin2019-08-09 17:06:40
jajabin, 2019-08-09 17:06:40
How to read flow-capture files?
Flow-capture adds netflow v5 dumps to the server, when it is read from GO, either it is impossible to read it at all, because the first two bytes are not the netflow version, or if I shift the array by 11 bytes, it subtracts the packet completely or also gives an error if I try for example, consider another dump (I even picked it up), but
it
gives
me absolutely not what it should be
, example output:
0.0.0.10
157.121.64.85
138.166.72.38
When working with flow-tools, everything is displayed correctly, I used different libraries for unmarshalling into the structure, but the output is the same everywhere, the one indicated above.
go func() {
for f := range fileNamesCatalog{
file, err := ioutil.ReadFile(f)
if err != nil{
fmt.Errorf("Failed open file %v", f)
continue
}
decoder := netflow.NewDecoder(session.New())
body, err := decoder.Read(bytes.NewReader(file[11:]))
switch packet := body.(type) {
case *netflow5.Packet:
filter(packet,net.ParseIP("157.121.64.85"),packetsChannel)
}
}
}()
Similar questions
E
R
S
A
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question