Flowgen
Netflow generator from JSON to PCAP
Flowgen generates a pcap file containing netflows described in a JSON file. It can be used to test any tools or detection methods based on netflow.
The pcap can be replayed with TCPReplay.
Usage
Usage: main.py command -f flows
Command:
generate : Generate Pcap containing netflows
Options:
-h, --help : Show help
-f, --flows : Input file (JSON flows) - required
-o, --output : Output file (default: output.pcap)
-s, --sensor : Flow sensor (IP:PORT)
-c, --collector : Flow collector (IP:PORT)
-v, --version : Flow version (default: 9)
--strict : Disable flow autocompletion
Limitations
- Netflow V9 only.
- 30 supported fields

| | | | | |
| ------------- | ------------- | -------------- | ------------- | ------------------- |
| IN_BYTES | IN_PKTS | FLOWS | PROTOCOL | IP_TOS |
| L4_SRC_PORT | IPV4_SRC_ADDR | INPUT_SNMP | L4_DST_PORT | IPV4_DST_ADDR |
| OUTPUT_SNMP | IPV4_NEXT_HOP | SRC_AS | DST_AS | BGP_IPV4_NEXT_HOP |
| MUL_DST_BYTES | LAST_SWITCHED | FIRST_SWITCHED | OUT_BYTES | OUT_PKTS |
| MAX_PKT_LNGTH | IPV6_SRC_ADDR | IPV6_DST_ADDR | IPV6_SRC_MASK | IPV6_DST_MASK |
| TCP_FLAGS | IPV4_DST_MASK | MUL_DST_PKTS | MIN_PKT_LNGTH | IP_PROTOCOL_VERSION |
Output examples
cat example_flows.json
[
{
"IPV6_SRC_ADDR": "fe80::5153:e252:7215:3e53",
"IPV6_DST_ADDR": "ff02::1:3",
"IN_BYTES": 200000000,
"IN_PKTS": 200000,
"L4_SRC_PORT": 45543,
"L4_DST_PORT": 8888,
"PROTOCOL": 6
}
]
./flowgen/main.py generate -f example_flows.json --sensor 10.83.178.113 --collector 10.83.178.126
[+] Loading flows from example_flows.json
[+] Building flow template
[+] Building flow data
fe80::5153:e252:7215:3e53:45543 --[190.73 MB]--> ff02::1:3:8888
[+] Writing to output.pcap
<p align="center">
<img alt="example" src="output.png">
</p>
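To check what a collector or detection tool should see when it receives the flow from example_flows.json, the following added example (not flowgen's own code) builds the NetFlow v9 export payload for that flow and decodes it again using the template. Field type IDs and lengths follow RFC 3954; the template ID, the zeroed header values and all function names are assumptions of this sketch.

```python
import ipaddress
import struct
# RFC 3954 field type -> (type ID, length in bytes); only the fields used below.
FIELDS = {"IN_BYTES": (1, 4), "IN_PKTS": (2, 4), "PROTOCOL": (4, 1),
          "L4_SRC_PORT": (7, 2), "L4_DST_PORT": (11, 2),
          "IPV6_SRC_ADDR": (27, 16), "IPV6_DST_ADDR": (28, 16)}
NAMES = {type_id: name for name, (type_id, _) in FIELDS.items()}
TEMPLATE_ID = 256  # assumption: any ID >= 256 is valid for a data template
SAMPLE_FLOW = {"IPV6_SRC_ADDR": "fe80::5153:e252:7215:3e53",  # from example_flows.json
               "IPV6_DST_ADDR": "ff02::1:3", "IN_BYTES": 200000000, "IN_PKTS": 200000,
               "L4_SRC_PORT": 45543, "L4_DST_PORT": 8888, "PROTOCOL": 6}

def pack_field(name, value):
    if FIELDS[name][1] == 16:  # the 16-byte fields in FIELDS are IPv6 addresses
        return ipaddress.IPv6Address(value).packed
    return int(value).to_bytes(FIELDS[name][1], "big")  # OverflowError if too large

def build_export(flow, uptime_ms=0, unix_secs=0, sequence=0, source_id=0):
    """Return a v9 export payload: header, one template, one data record."""
    template = struct.pack("!HH", TEMPLATE_ID, len(flow))
    template += b"".join(struct.pack("!HH", *FIELDS[name]) for name in flow)
    record = b"".join(pack_field(name, value) for name, value in flow.items())
    record += b"\x00" * (-len(record) % 4)  # pad the FlowSet to 32 bits
    header = struct.pack("!HHIIII", 9, 2, uptime_ms, unix_secs, sequence, source_id)
    return (header + struct.pack("!HH", 0, 4 + len(template)) + template
            + struct.pack("!HH", TEMPLATE_ID, 4 + len(record)) + record)

def decode_export(payload):
    """Decode a build_export payload the way a collector would."""
    if struct.unpack_from("!H", payload)[0] != 9:
        raise ValueError("not NetFlow v9")
    offset, templates, flows = 20, {}, []
    while offset + 4 <= len(payload):
        set_id, set_len = struct.unpack_from("!HH", payload, offset)
        if set_len < 4 or offset + set_len > len(payload):
            raise ValueError("bad FlowSet length")
        body = payload[offset + 4:offset + set_len]
        if set_id == 0:  # template FlowSet (single template, as built above)
            tid, count = struct.unpack_from("!HH", body)
            templates[tid] = [struct.unpack_from("!HH", body, 4 + 4 * i) for i in range(count)]
        elif set_id in templates:  # data FlowSet: first record, padding ignored
            pos, flow = 0, {}
            for type_id, length in templates[set_id]:
                raw, pos = body[pos:pos + length], pos + length
                flow[NAMES[type_id]] = (str(ipaddress.IPv6Address(raw)) if length == 16
                                        else int.from_bytes(raw, "big"))
            flows.append(flow)
        offset += set_len
    return flows
```

A data FlowSet whose template has not been seen is skipped, which is also how a collector behaves until the template arrives.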