Decode raw Netflow Data to human readable text in Python
I manage to collect some raw Netflow Data and with the usuage of scapy to decode my packets to Netflow version 9. However, I am stuck and unable to move on to convert the field values to human readable text. The code below is how I view the data with scapy:
from scapy.all import *
def handle(self, ip, data):
logging.info('Receiving Data from %s with %s bytes of data.' % (ip, len(data)))
a = NetflowHeader(raw(data))
a.show()
This is the output i get:
Update: newer Scapy versions have support for on-the-flow netflow v9 parsing (use the GitHub master version).
# Live / on-the-flow / other: use NetflowSession
>>> sniff(session=NetflowSession, prn=[...])
Original post:
Netflow v9 is a poor format, because each packet needs some previous packets to be dissected. Scapy does not support this functionality on-the-go, but it instead provides a function callable on a packet list.
You need to collect a list of the netflowV9 packets then call netflowv9_defragment(thelist)
See https://github.com/secdev/scapy/blob/master/scapy/layers/netflow.py#L11
This only means you can’t use prn with NetflowV9
- how to average in a specific dimension with numpy.mean?
- Removed Realm, but still getting this error: module importing failed: invalid token (rlm_lldb.py, line 37) File "temp.py", line 1,
- Bool object does not support item assignment
- Conda env vs venv / pyenv / virtualenv / poetry / docker, etc
- How to import values from excel with pandas into tkinter faster?
- Speed up concatenation of excel files with Pandas
- Faster way to read Excel files to pandas dataframe
- Create Azure TimerTrigger Durable Function in python
- Read same file from src and test in PyCharm
- How to use Cython to compile Python 3 into C
- Outputting variable from one thread to other
- How to POST a JSON having a single body parameter in FastAPI?
- touchscreen raspberry pi phantom touch (reset fixes)
- How to determine the encoding of text
- Specify extras_require with pip install -e
- Plotting a second scaled y axis in matplotlib from one set of data
- How can I call scikit-learn classifiers from Java?
- How does Pandas.Series.nbytes work for strings? Results don't seem to match expectations
- How to install ursina on pydroid?
- auditlog with Django and DRF
- Python: How to RECURSIVELY remove None values from a NESTED data structure (lists and dictionaries)?
- How to Mark Repeated Entries as True Starting from the Second Occurrence Using NumPy?
- Python3.5 send object over socket (Pygame cam image)
- Value based partial slicing with non-existing keys is now deprecated
- Camelot: DeprecationError: PdfFileReader is deprecated
- How can I partially fill a numpy array with a value given a range?
- Conda wont install pdfplumber
- tomli-w, adding arrays from a python script
- Override value in pydantic model with environment variable
- Polars-Python: Compare list columns