Net::Flow

Net::Flow is a Perl module used to decode and encode NetFlow/IPFIX datagrams.

  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: Atsushi Kobayashi
  • Publisher web site: http://search.cpan.org/~akoba/Net-Flow-0.03/lib/Net/Flow.pm



Net::Flow Description

Net::Flow is a Perl module used to decode and encode NetFlow/IPFIX datagrams.

SYNOPSIS

EXAMPLE#1 - Output Flow Records of NetFlow v5, v9 and IPFIX -

The following script simply outputs the received Flow Records after decoding NetFlow/IPFIX datagrams. It can parse NetFlow v5, v9 and IPFIX. If it receives NetFlow v9/IPFIX datagrams, several Templates of NetFlow/IPFIX can be kept as the ARRAY reference $TemplateArrayRef. By passing that reference as the input parameter, it can parse NetFlow/IPFIX datagrams that arrive without templates. If a received packet has the same Template Id as a stored Template, that Template is overwritten by the new one.

    use strict ;
    use Net::Flow qw(decode) ;
    use IO::Socket::INET ;

    my $receive_port = 9993 ;
    my $packet = undef ;
    my $TemplateArrayRef = undef ;   # templates kept across datagrams
    my $sock = IO::Socket::INET->new( LocalPort => $receive_port, Proto => 'udp' )
        or die "cannot open UDP port $receive_port: $@\n" ;

    while ( $sock->recv($packet,1548) ) {

        # $TemplateArrayRef is deliberately not redeclared with "my" here:
        # a new lexical would leave the outer variable undef, and the
        # templates would be lost before the next datagram is decoded.
        my ( $HeaderHashRef, $FlowArrayRef, $ErrorsArrayRef ) ;
        ( $HeaderHashRef, $TemplateArrayRef, $FlowArrayRef, $ErrorsArrayRef ) =
            Net::Flow::decode( \$packet, $TemplateArrayRef ) ;

        # report decoding errors, if any
        print "$_\n" foreach @{$ErrorsArrayRef} ;

        print "\n- Header Information -\n" ;
        foreach my $Key ( sort keys %{$HeaderHashRef} ){
            printf " %s = %3d\n", $Key, $HeaderHashRef->{$Key} ;
        }

        foreach my $TemplateRef ( @{$TemplateArrayRef} ){
            print "\n-- Template Information --\n" ;
            foreach my $TempKey ( sort keys %{$TemplateRef} ){
                if( $TempKey eq "Template" ){
                    printf " %s = \n", $TempKey ;
                    # one line per field specifier of the template
                    foreach my $Ref ( @{$TemplateRef->{Template}} ){
                        foreach my $Key ( keys %{$Ref} ){
                            printf " %s=%02d", $Key, $Ref->{$Key} ;
                        }
                        print "\n" ;
                    }
                }else{
                    printf " %s = %3d\n", $TempKey, $TemplateRef->{$TempKey} ;
                }
            }
        }

        foreach my $FlowRef ( @{$FlowArrayRef} ){
            print "\n-- Flow Information --\n" ;
            foreach my $Id ( sort keys %{$FlowRef} ){
                if( $Id eq "SetId" ){
                    print " $Id=$FlowRef->{$Id}\n" ;
                }else{
                    # field values are raw bytes; print them as hex
                    printf " Id=%02d Value=%s\n", $Id, unpack("H*",$FlowRef->{$Id}) ;
                }
            }
        }
    }

EXAMPLE#2 - Convert Protocol from NetFlow v5 to NetFlow v9 -

The following script acts as a converter from NetFlow v5 to NetFlow v9. First, it decodes the NetFlow v5 datagram. After that, the flow records are encoded into NetFlow v9 according to a particular Template which includes the sampling interval and sampling mode. They are then sent to the next Collector.

    use strict ;
    use Net::Flow qw(decode encode) ;
    use IO::Socket::INET ;

    my $receive_port = 9995 ;
    my $send_port = 9996 ;
    my $packet = undef ;
    my $TemplateRef = undef ;

    my $MyTemplateRef = {
        'SetId'      => 0,
        'TemplateId' => 300,
        'Template'   => [ ],   # the template's field list is missing from this page
    } ;
    my @MyTemplates = ( $MyTemplateRef ) ;

    my $EncodeHeaderHashRef = {
        'SourceId'    => 0,
        'VersionNum'  => 9,
        'SequenceNum' => 0,
    } ;

    my $r_sock = IO::Socket::INET->new( LocalPort => $receive_port, Proto => 'udp' )
        or die "cannot open UDP port $receive_port: $@\n" ;
    my $s_sock = IO::Socket::INET->new( PeerAddr => '127.0.0.1',
                                        PeerPort => $send_port,
                                        Proto    => 'udp' )
        or die "cannot open sending socket: $@\n" ;

    while ( $r_sock->recv($packet,1548) ) {

        my $PktsArrayRef = undef ;

        # NetFlow v5 carries no templates, so none are passed in or kept
        my ( $HeaderHashRef, undef, $FlowArrayRef, $ErrorsArrayRef ) =
            Net::Flow::decode( \$packet, undef ) ;

        print "$_\n" foreach @{$ErrorsArrayRef} ;

        foreach my $HashRef ( @{$FlowArrayRef} ){
            $HashRef->{"SetId"} = 300 ;
            # copy the sampling interval and sampling mode from the v5 header into each record
            $HashRef->{"34"} = pack("N",$HeaderHashRef->{"SamplingInterval"})
                if defined $HeaderHashRef->{"SamplingInterval"} ;
            $HashRef->{"35"} = pack("N",$HeaderHashRef->{"SamplingMode"})
                if defined $HeaderHashRef->{"SamplingMode"} ;
        }

        $EncodeHeaderHashRef->{"SysUpTime"} = $HeaderHashRef->{"SysUpTime"} ;
        $EncodeHeaderHashRef->{"UnixSecs"} = $HeaderHashRef->{"UnixSecs"} ;
        $EncodeHeaderHashRef->{"SequenceNum"} += 1 ;

        ( $EncodeHeaderHashRef, $PktsArrayRef, $ErrorsArrayRef ) =
            Net::Flow::encode( $EncodeHeaderHashRef, \@MyTemplates, $FlowArrayRef, 1400 ) ;

        print "$_\n" foreach @{$ErrorsArrayRef} ;

        # each element is a reference to one encoded datagram
        foreach my $Ref ( @{$PktsArrayRef} ){
            $s_sock->send($$Ref) ;
        }
    }

Requirements:

  • Perl

