java udp cisco netflow jflow

How to get flow record details of a netflow packet


I've used jflow to capture the netflow packets. By running the print example I could observe this kind of output.

13.243.146.68.41472 -> 10.100.0.126.13570 285212682 0
0.43.0.0.18 -> 0.199.0.0.4352 8321715 100
53.2.7.225.3571 -> 0.0.1.67.37446 323 5
1.187.0.3.323 -> 6.0.0.10.28807 0 183
0.0.0.0.0 -> 0.0.0.0.3571 0 10
1.1.0.53.0 -> 0.18.17.0.323 889257984 26
0.0.0.0.0 -> 0.0.0.0.0 0 146
192.168.1.1.6775 -> 0.53.0.18.0 754988289 112

This seems to be printed inside the DatagramSocket.receive(DatagramPacket) method. How can I print these details, like the host address, destination address, etc. of a netflow record, on my own?

Also I couldn't figure out what's meant by the last two parameters of the above output.


Solution

  • If you have a look at the source for jflow, you'll see exactly what it's printing.

    The linked code calls:

          System.out.println(f.toShortString());
    

    If you have a look at that method, which is nettrack.net.netflow.Flow::toShortString, you'll see exactly what it's doing:

    public String toShortString()
    {
      return
        IpAddr.toString(getSrcAddr())+"."+getSrcPort()+" -> "+
        IpAddr.toString(getDstAddr())+"."+getDstPort()+" "+
        getDOctets();
    }  
    

    Continue looking at the source to see what getDOctets does.

    https://github.com/aptivate/netgraph/blob/master/jflow-0.3/src/nettrack/net/netflow/Flow.java
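To print the fields yourself without going through jflow, you can decode the UDP payload directly. The following is an added example, not code from the original answer or from jflow: it assumes the exporter sends NetFlow version 5 (24-byte header, 48-byte records) and rejects anything else rather than misreading it. The class name `NetflowV5Demo` and the sample datagram are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class NetflowV5Demo {
    static final int HEADER_LEN = 24, RECORD_LEN = 48; // NetFlow v5 sizes

    // Decode one UDP payload. In a receiver (assuming the packet buffer starts at
    // offset 0): socket.receive(p); parse(p.getData(), p.getLength());
    static List<String> parse(byte[] data, int length) {
        if (length < HEADER_LEN) throw new IllegalArgumentException("short datagram");
        ByteBuffer buf = ByteBuffer.wrap(data, 0, length); // big-endian by default
        int version = buf.getShort(0) & 0xFFFF;
        int count = buf.getShort(2) & 0xFFFF;
        if (version != 5) throw new IllegalArgumentException("not NetFlow v5: " + version);
        if (length < HEADER_LEN + count * RECORD_LEN) // header claims more than arrived
            throw new IllegalArgumentException("truncated: count=" + count);
        List<String> out = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            int o = HEADER_LEN + i * RECORD_LEN; // start of record i
            out.add(String.format("%s:%d -> %s:%d proto=%d packets=%d octets=%d",
                ip(buf.getInt(o)), buf.getShort(o + 32) & 0xFFFF,      // srcaddr, srcport
                ip(buf.getInt(o + 4)), buf.getShort(o + 34) & 0xFFFF,  // dstaddr, dstport
                buf.get(o + 38) & 0xFF,                                // IP protocol
                buf.getInt(o + 16) & 0xFFFFFFFFL,                      // dPkts (unsigned)
                buf.getInt(o + 20) & 0xFFFFFFFFL));                    // dOctets (unsigned)
        }
        return out;
    }

    static String ip(int a) {
        return (a >>> 24) + "." + ((a >> 16) & 0xFF) + "." + ((a >> 8) & 0xFF) + "." + (a & 0xFF);
    }

    public static void main(String[] args) {
        // Constructed sample: one record, 192.0.2.10:51514 -> 198.51.100.7:443, TCP
        ByteBuffer b = ByteBuffer.allocate(HEADER_LEN + RECORD_LEN);
        b.putShort(0, (short) 5).putShort(2, (short) 1);       // version, count
        int o = HEADER_LEN;
        b.putInt(o, 0xC000020A).putInt(o + 4, 0xC6336407);     // src, dst address
        b.putInt(o + 16, 12).putInt(o + 20, 3400);             // packets, octets
        b.putShort(o + 32, (short) 51514).putShort(o + 34, (short) 443).put(o + 38, (byte) 6);
        parse(b.array(), b.capacity()).forEach(System.out::println);
    }
}
```

The version and length checks matter because the collector port accepts datagrams from any sender; decoding a payload that is not v5 with v5 offsets yields meaningless addresses and counters.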