python-netflow-v9-softflowd icon indicating copy to clipboard operation
python-netflow-v9-softflowd copied to clipboard

Published 20 hours ago verified publisher icon bitkeks

Template is not detected

Open KywoSkylake opened this issue 1 year ago • 1 comments

Hi,

I wanted to report an issue that I encountered. I am using flowd from mindrot.org to send the netflow data to my python script. Unfortunately the Netflow implementation is not getting the template.

I checked the packets that are send by flowd and sometimes it send the information containing the template but the netflow implementation doesn't handle it. For reference I included the output and the template that is send by flowid 0.

NetFlow v9 packet detected, but no templates dict was passed! For correct parsing of packets with templates, create a 'templates' dict and pass it into the 'parse_packet' function.
(0, 172, b'\x01\x00\x00\x14\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x0f\x00\x04\x00\n\x00\x02\x00\x0e\x00\x02\x00\x02\x00\x04\x00\x01\x00\x04\x00\x18\x00\x04\x00\x17\x00\x04\x00\x16\x00\x04\x00\x15\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x06\x00\x01\x00\x04\x00\x01\x00\x05\x00\x01\x00\x10\x00\x04\x00\x11\x00\x04\x00\t\x00\x01\x00\r\x00\x01\x01\x03\x00\x14\x00\x1b\x00\x10\x00\x1c\x00\x10\x00>\x00\x10\x00\n\x00\x02\x00\x0e\x00\x02\x00\x02\x00\x04\x00\x01\x00\x04\x00\x18\x00\x04\x00\x17\x00\x04\x00\x16\x00\x04\x00\x15\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x06\x00\x01\x00\x04\x00\x01\x00\x05\x00\x01\x00\x10\x00\x04\x00\x11\x00\x04\x00\t\x00\x01\x00\r\x00\x01')
(1, 0, 0, 20, 0, 8, 0, 4, 0, 12, 0, 4, 0, 15, 0, 4, 0, 10, 0, 2, 0, 14, 0, 2, 0, 2, 0, 4, 0, 1, 0, 4, 0, 24, 0, 4, 0, 23, 0, 4, 0, 22, 0, 4, 0, 21, 0, 4, 0, 7, 0, 2, 0, 11, 0, 2, 0, 6, 0, 1, 0, 4, 0, 1, 0, 5, 0, 1, 0, 16, 0, 4, 0, 17, 0, 4, 0, 9, 0, 1, 0, 13, 0, 1, 1, 3, 0, 20, 0, 27, 0, 16, 0, 28, 0, 16, 0, 62, 0, 16, 0, 10, 0, 2, 0, 14, 0, 2, 0, 2, 0, 4, 0, 1, 0, 4, 0, 24, 0, 4, 0, 23, 0, 4, 0, 22, 0, 4, 0, 21, 0, 4, 0, 7, 0, 2, 0, 11, 0, 2, 0, 6, 0, 1, 0, 4, 0, 1, 0, 5, 0, 1, 0, 16, 0, 4, 0, 17, 0, 4, 0, 9, 0, 1, 0, 13, 0, 1)
NetFlow v9 packet detected, but no templates dict was passed! For correct parsing of packets with templates, create a 'templates' dict and pass it into the 'parse_packet' function.

The rest is send by flowid = 256.

I wanted to define the template manually but I don't know how I could do it.

If someone has an idea on how to fix it. Please let me know.

Thank you in advance Mike

KywoSkylake avatar Jan 23 '24 14:01 KywoSkylake