opsec / softflowd
Automatically exported from code.google.com/p/softflowd
License: Other
What steps will reproduce the problem?
- softflowd stops/crashes after a few hours/days of running with the following
output:
Shutting down after pcap EOF
Shutting down on user request
What version of the product are you using? On what operating system?
softflowd 0.9.8
Linux 2.6.27.7-9-pae #1 SMP 2008-12-04 18:10:04 +0100 i686 i686 i386 GNU/Linux
Please provide any additional information below.
I've commented "graceful_shutdown_request = 1" (line 1872 in softflowd.c) then
got:
Shutting down after pcap EOF
Exiting immediately on user request
Original issue reported on code.google.com by [email protected]
on 21 Nov 2011 at 9:13
It would be very useful to be able to use libnetfilter_log as an input to
softflowd.
Original issue reported on code.google.com by [email protected]
on 22 Dec 2014 at 7:05
What is the role of sampling?
Is it possible to give sampled packets to softflowd? What is the difference
between giving all packets and giving sampled packets?
Original issue reported on code.google.com by [email protected]
on 10 Jun 2014 at 9:02
What steps will reproduce the problem?
When the data is exported, my collector records the data with a different date.
I am using NfSen. For example:
2011-06-28 xxxxxxxxxxxxxxxxxx xxxxxxxxxxx xxxxxxxxxxxx xxxxxxxx...
this late date.
And one more question, I could profiles exporter or make profiles with
softflowd?
What is the expected output? What do you see instead?
Late date
What version of the product are you using? On what operating system?
pfsense 2.0
att
Zacaron
Original issue reported on code.google.com by [email protected]
on 2 Aug 2011 at 7:37
What steps will reproduce the problem?
1. Analyze source code from files netflow1.c and netflow5.c
2. Look for following snippet in function send_netflow_v[15]:
if (j == 0) {
memset(&packet, '\0', sizeof(packet));
3. Run tcpdump and see generated netflow packets.
According to IF MIB Definition of ifIndex
(http://net-snmp.sourceforge.net/docs/mibs/IF-MIB.txt) ifIndex has to be
greater than zero. Right now both ifIndex fields in every flow are set to 0.
The problem applies to version 0.9.8 and 0.9.9.
Because of the problem, Netflow Analyzer Enterprise Edition from
ManageEngine (http://www.manageengine.com/products/netflow/) refuses to see
such flows.
The problem can be fixed with following code:
flw->if_index_out = flw->if_index_in = htons(1);
It's necessary to add the string in the functions send_netflow_v[15] just
before following code:
offset += sizeof(*flw);
j++;
I attached full patch for it.
Or try to map the SNMP index of the interface name given on the command line.
But that is more complicated.
With best regards,
Maxim Zimovets
Original issue reported on code.google.com by [email protected]
on 20 Apr 2012 at 5:46
Attachments:
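A collector-side check for the condition this report describes, as an added example that is not part of the original issue or of softflowd: it walks a NetFlow v5 datagram and counts records whose input or output ifIndex is 0. The function names are hypothetical, the field offsets follow the standard NetFlow v5 record layout, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NF5_HDR_LEN  24  /* NetFlow v5 header size in bytes */
#define NF5_REC_LEN  48  /* NetFlow v5 flow record size in bytes */
#define NF5_MAX_RECS 30  /* most records one v5 datagram carries */

/* Read a big-endian 16-bit field without alignment assumptions. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Count records with input or output ifIndex 0; -1 if not a well-formed v5 packet. */
int nf5_count_zero_ifindex(const uint8_t *pkt, size_t len)
{
    if (len < NF5_HDR_LEN || be16(pkt) != 5)
        return -1;
    size_t count = be16(pkt + 2);
    if (count == 0 || count > NF5_MAX_RECS ||
        len < NF5_HDR_LEN + count * NF5_REC_LEN)
        return -1;
    int bad = 0;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = pkt + NF5_HDR_LEN + i * NF5_REC_LEN;
        /* Record offsets 12 and 14 hold the input and output ifIndex. */
        if (be16(rec + 12) == 0 || be16(rec + 14) == 0)
            bad++;
    }
    return bad;
}

/* Constructed sample: header plus `count` (<= 30) records, both ifIndex = idx. */
size_t nf5_build_sample(uint8_t *buf, uint16_t count, uint16_t idx)
{
    size_t len = NF5_HDR_LEN + (size_t)count * NF5_REC_LEN;
    memset(buf, 0, len);  /* same starting state as the memset quoted in the issue */
    buf[1] = 5;           /* version field, big-endian */
    buf[2] = (uint8_t)(count >> 8); buf[3] = (uint8_t)(count & 0xff);
    for (uint16_t i = 0; i < count; i++) {
        uint8_t *rec = buf + NF5_HDR_LEN + (size_t)i * NF5_REC_LEN;
        rec[12] = rec[14] = (uint8_t)(idx >> 8);
        rec[13] = rec[15] = (uint8_t)(idx & 0xff);
    }
    return len;
}

int main(void)
{
    uint8_t buf[NF5_HDR_LEN + NF5_MAX_RECS * NF5_REC_LEN];
    printf("zeroed: %d\n", nf5_count_zero_ifindex(buf, nf5_build_sample(buf, 4, 0)));
    printf("ifIndex 1: %d\n", nf5_count_zero_ifindex(buf, nf5_build_sample(buf, 4, 1)));
    return 0;
}
```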
What steps will reproduce the problem?
1. Setup a pfSense router to send NetFlow V9 to a CentOS 6/FlowViewer/IPFIX
2. Take a Wireshark trace on CentOS with tcpdump
3. Observe following decoding:
Cisco NetFlow/IPFIX
Version: 9
Count: 14
SysUptime: 129080.231279120 seconds
Timestamp: Nov 2, 2014 09:17:01.000000000 Paris, Madrid
CurrentSecs: 1414916221
FlowSequence: 163268
SourceId: 0
FlowSet 1
FlowSet Id: (Data) (1024)
FlowSet Length: 440
Flow 1
SrcAddr: 192.168.100.64 (192.168.100.64)
DstAddr: 192.168.150.15 (192.168.150.15)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 116
Packets: 1
SrcPort: 63880
DstPort: 161
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
Flow 2
SrcAddr: 192.168.150.15 (192.168.150.15)
DstAddr: 192.168.100.64 (192.168.100.64)
[Duration: -0.061000000 seconds]
StartTime: 128738.007000000 seconds
EndTime: 128737.946000000 seconds
Octets: 130
Packets: 1
SrcPort: 161
DstPort: 63880
Protocol: 17
TCP Flags: 0x00
IPVersion: 04
What is the expected output? What do you see instead?
End time later than Start time
What version of the product are you using? On what operating system?
pfSense 2.1.5-RELEASE (i386)
softflowd 0.9.8 pkg v1.0.1
Please provide any additional information below.
Regards
Antoine
Original issue reported on code.google.com by [email protected]
on 3 Nov 2014 at 11:13
What steps will reproduce the problem?
1. extract tar.gz
2. create rpmbuild directory structure
3. copy files to folders inside rpmbuild structure:
cp softflowd-0.9.9/softflowd.spec ~/rpmbuild/SPECS
cp softflowd-0.9.9/softflowd.init ~/rpmbuild/SOURCES
cp softflowd-0.9.9/softflowd.sysconfig ~/rpmbuild/SOURCES
cp softflowd-0.9.9.tar.gz ~/rpmbuild/SOURCES
4. build rpm: rpmbuild -ba:
rpmbuild -ba ~/rpmbuild/SPECS/softflowd.spec
What is the expected output? What do you see instead?
It was expected to see a built rpm file
It gives an error saying that it cannot find "ChangeLog" file
What version of the product are you using? On what operating system?
softflowd-0.9.9 on Centos 6.2
Please provide any additional information below.
I made a simple script that changes the softflowd.spec not to use "ChangeLog"
file
but if you could add it to the tar.gz file, that would be the right way to do it.
thanks
Original issue reported on code.google.com by [email protected]
on 4 Jun 2012 at 1:44
What steps will reproduce the problem?
$ softflowd -i eth0 -n blahh:1234
if "blahh" cannot be resolved, the error message
is "address too long" .
What is the expected output? What do you see instead?
"unknown hostname" or something similar
What version of the product are you using? On what operating system?
current (0.9.9) on gentoo linux
Please provide any additional information below.
this small patch works for me:
--- softflowd_orig.c 2012-02-13 02:39:42.000000000 +0100
+++ softflowd.c 2013-08-19 21:22:57.000000000 +0200
@@ -1603,7 +1603,7 @@
memset(&hints, '\0', sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
- if ((herr = getaddrinfo(host, port, &hints, &res)) == -1) {
+ if ((herr = getaddrinfo(host, port, &hints, &res)) != 0) {
fprintf(stderr, "Address lookup failed: %s\n",
gai_strerror(herr));
exit(1);
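Review bot: In the error branch under the corrected `!= 0` test, the fprintf reports only gai_strerror(herr), so the operator is not told which name or port failed to resolve; pass host and port into the message as well, for example "Address lookup failed for %s:%s: %s\n". The comparison change itself is right: getaddrinfo returns 0 on success and a nonzero error code on failure, so the old `== -1` test never matched a failed lookup and execution continued past this block, which is how the report ended up with the unrelated "address too long" message.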
output is "Address lookup failed: Name or service not known"
as expected.
Original issue reported on code.google.com by [email protected]
on 19 Aug 2013 at 7:33
Hi,
I'm interested in this tool. I want to catch NetFlow data from Cisco Catalyst
2950 switches that are not NetFlow capable by themselves.
I found a website talking about your product was able to give a kind of
rendering with these switches (From
www.plixer.com/blog/netflow-analyzer/catalyst-2950-netflow-support/)
I would like to use your product but I found nothing to help me install your
product, no sample, no lab environment, no screenshot,...
Producing at least a small documentation section on this web page could be very
interesting. We should find there:
1- How to install (Package, platform, requirements, etc.)
2- How to configure
3- Sample (real usage to have a kind of template)
4- Supported network equipments
5- Supported software (like, how softflowd works between a network and ntop)
Original issue reported on code.google.com by [email protected]
on 30 Oct 2012 at 8:26