Comments (3)
vFlow doesn't support expanded flow sample / type 3. It supports type 1 and 2. Maybe it sends type 3 as well?!
from vflow.
Alright @mehrdadrad, yes, it's expanded flow.
I have another issue: I am getting a different total length in sFlow. You can check the tcpdump and output below.
11:22:50.476764 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto UDP (17), length 212)
172.16.14.5.52991 > 10.20.40.34.6343: sFlowv5, IPv4 agent 128.0.0.4, agent-id 0, seqnum 12581, uptime 120987363, samples 1, length 184
flow sample (1), length 148, seqnum 2023, type 0, idx 527, rate 2000, pool 4048000, drops 0, input 527 output 2147483648 records 1
enterprise 0 Raw packet (1) length 108
protocol Ethernet (1), length 96, stripped bytes 4, header_size 92
{"Version":5,"IPVersion":1,"AgentSubID":0,"SequenceNo":12581,"SysUpTime":120987363,"SamplesNo":1,"Samples":[{"SequenceNo":2023,"SourceID":0,"SourceIDType":0,"SourceIDIdx":527,"SamplingRate":2000,"SamplePool":4048000,"Drops":0,"InputFormat":0,"Input":527,"OutputFormat":0,"Output":2147483648,"RecordsNo":1,"Records":{"RawHeader":{"L2":{"SrcMAC":"00:50:56:bb:3f:9b","DstMAC":"ff:ff:ff:ff:ff:ff","Vlan":0,"EtherType":2048},"L3":{"Version":4,"TOS":0,"TotalLen":78,"ID":14230,"Flags":0,"FragOff":0,"TTL":128,"Protocol":17,"Checksum":38521,"Src":"172.16.8.112","Dst":"172.16.11.255"},"L4":{"SrcPort":137,"DstPort":137}}}}],"Counters":[],"AgentID":"128.0.0.4","ColTime":1636955570}
Here TotalLen is 78, but actually it is 96.
Here I am attaching another one as well, with a pcap, so you can correct me if I am wrong.
Edge Cast Output:
{"Version":5,"IPVersion":1,"AgentSubID":0,"SequenceNo":22336,"SysUpTime":177701040,"SamplesNo":1,"Samples":[{"SequenceNo":5840,"SourceID":0,"SourceIDType":0,"SourceIDIdx":527,"SamplingRate":1000,"SamplePool":5841000,"Drops":0,"InputFormat":0,"Input":527,"OutputFormat":0,"Output":0,"RecordsNo":1,"Records":{"RawHeader":{"L2":{"SrcMAC":"00:50:56:bb:dc:6e","DstMAC":"33:33:00:01:00:03","Vlan":0,"EtherType":34525},"L3":{"Version":6,"TrafficClass":0,"FlowLabel":0,"PayloadLen":41,"NextHeader":17,"HopLimit":1,"Src":"fe80::6465:df0:31ee:aff4","Dst":"ff02::1:3"},"L4":{"SrcPort":64771,"DstPort":5355}}}}],"Counters":[],"AgentID":"128.0.0.4","ColTime":1637213837}
TCP Dump Text:
11:07:17.506673 IP (tos 0x0, ttl 254, id 0, offset 0, flags [none], proto UDP (17), length 216)
172.16.14.5.49674 > ranjit-HP-ProBook-430-G3.6343: sFlowv5, IPv4 agent 128.0.0.4, agent-id 0, seqnum 22336, uptime 177701040, samples 1, length 188
flow sample (1), length 152, seqnum 5840, type 0, idx 527, rate 1000, pool 5841000, drops 0, input 527 output 0 records 1
enterprise 0 Raw packet (1) length 112
protocol Ethernet (1), length 99, stripped bytes 4, header_size 95
PCAP File:
Could you please help me understand?
from vflow.
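Added example (not part of the thread and not vFlow's code): Go code that decodes the body of the sFlow v5 raw packet header record shown in the two dumps above and relates tcpdump's frame `length` to the IP length field that appears in the JSON. It assumes untagged Ethernet with no frame padding; `Decode` and `Build` are hypothetical names, and the sample records are constructed from the field values in the dumps, not taken from the pcap.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var be = binary.BigEndian

// Decode parses a raw packet header record body (sFlow v5, enterprise 0, format 1)
// and rebuilds the frame length as 14 (Ethernet) + IP datagram + stripped bytes.
func Decode(b []byte) (frameLen, hdrLen, rebuilt uint32, err error) {
	if len(b) < 16 || be.Uint32(b) != 1 {
		return 0, 0, 0, errors.New("short record or not Ethernet")
	}
	frameLen, hdrLen = be.Uint32(b[4:]), be.Uint32(b[12:])
	stripped := be.Uint32(b[8:])
	if hdrLen < 20 || uint64(hdrLen) > uint64(len(b)-16) { // never trust the declared size
		return frameLen, hdrLen, 0, errors.New("header_size too small or exceeds record")
	}
	h := b[16 : 16+int(hdrLen)] // slicing by header_size drops the XDR padding
	switch be.Uint16(h[12:]) {
	case 0x0800: // IPv4 TotalLen = IP header + payload
		rebuilt = 14 + uint32(be.Uint16(h[16:])) + stripped
	case 0x86DD: // IPv6 PayloadLen excludes the fixed 40-byte header
		rebuilt = 14 + 40 + uint32(be.Uint16(h[18:])) + stripped
	default:
		err = errors.New("unsupported EtherType")
	}
	return frameLen, hdrLen, rebuilt, err
}

// Build makes a constructed record body (not a capture) from the dump's fields.
func Build(frame, stripped, hdr uint32, etherType, ipLen uint16, lenOff int) []byte {
	b := make([]byte, 16+(hdr+3)/4*4) // opaque header is XDR-padded to 4 bytes
	for i, v := range []uint32{1, frame, stripped, hdr} {
		be.PutUint32(b[4*i:], v)
	}
	be.PutUint16(b[16+12:], etherType)
	be.PutUint16(b[16+lenOff:], ipLen) // lenOff: 16 = IPv4 TotalLen, 18 = IPv6 PayloadLen
	return b
}

func main() {
	for _, b := range [][]byte{Build(96, 4, 92, 0x0800, 78, 16), Build(99, 4, 95, 0x86DD, 41, 18)} {
		f, h, n, err := Decode(b)
		fmt.Println(len(b), h, f, n, err)
	}
}
```

With the values from the two dumps the rebuilt lengths are 14 + 78 + 4 = 96 and 14 + 40 + 41 + 4 = 99, and the record bodies come out at 108 and 112 bytes, the second one including one byte of XDR padding after the 95-byte header.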
@mehrdadrad, any plan to support expanded flow sample / type 3? I'm interested in creating a PR to add that.
from vflow.