Netflow record can't get octets (jnca)

I'm using jnca library to collect NetFlow records sent by a router. The version of the NetFlow record sent by the router is version 9.

When the NetFlow packet is observed in Wireshark, the flow sets with template ID 263 contain the data about initiator octets and responder octets, which can be used to determine the number of bytes associated with a flow.

But the problem is that these values cannot be obtained by jnca. It always shows zero for the octets.

currOffset = t.getTypeOffset(FieldDefinition.InBYTES_32);
currLen = t.getTypeLen(FieldDefinition.InBYTES_32);
if (currOffset >= 0 && currLen > 0) {
    dOctets = Util.to_number(buf, off + currOffset, currLen) * t.getSamplingRate();
}

This is the code segment which is used to get the dOctets. It returns zero even for template ID 263.

But when it's calculated with respect to NetFlow template ID 263, it gives the correct data. (It gives the initiator octets; to get the responder octets, 46 should be replaced with 50, as the length of the particular record is 4 bytes.)

dOctets = Util.to_number(buf, off + 46, 4);

46 is where the Initiator Octets record lies in that particular NetFlow packet (obtained from the Wireshark record).

Is it a problem with jnca? Hopefully, somebody who's familiar with jnca can give me some help on this.


Solution 1:

Retrieving Network Usage Information from NetFlow Version 9 Records

NetFlow is a feature that was introduced on Cisco routers that gives the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data that is provided by NetFlow, a network administrator can determine things such as the source and destination of the traffic, class of service, and the cause of congestion. NetFlow consists of three components: flow caching, Flow Collector, and Data Analyzer. In NetFlow, the router forwards details of network usage as UDP packets to a specified port of a destination.

Java NetFlow Collect-Analyzer

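An added example, not part of the original posts and not jnca code: it derives field offsets from a NetFlow v9 template record instead of hard-coding 46 and 50, and shows a lookup for IN_BYTES coming back empty while the octet counters are read by their own field types. It assumes template 263 carries field types 231 and 232 (the IPFIX initiatorOctets and responderOctets IDs) rather than IN_BYTES (type 1); the class name, template contents and record bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.util.*;
public class V9TemplateOffsets {
    // IN_BYTES = 1; 231/232 are the IPFIX initiatorOctets/responderOctets IDs (assumed for template 263).
    static final int IN_BYTES = 1, INITIATOR_OCTETS = 231, RESPONDER_OCTETS = 232;
    /** Parses one template record: template id, field count, then (type, length) pairs.
     *  Returns field type -> {offset, length} inside a data record of that template. */
    static Map<Integer, int[]> parseTemplate(ByteBuffer tpl) {
        int templateId = tpl.getShort() & 0xFFFF;
        int fieldCount = tpl.getShort() & 0xFFFF;
        if (tpl.remaining() < fieldCount * 4)   // input arrives over UDP: never trust the count
            throw new IllegalArgumentException("truncated template " + templateId);
        Map<Integer, int[]> fields = new HashMap<>();
        int offset = 0;
        for (int i = 0; i < fieldCount; i++) {
            int type = tpl.getShort() & 0xFFFF;
            int len = tpl.getShort() & 0xFFFF;
            fields.put(type, new int[] {offset, len});
            offset = Math.addExact(offset, len); // reject templates whose lengths overflow
        }
        return fields;
    }
    /** Reads a big-endian counter; empty when the template does not carry the field.
     *  8-byte values above Long.MAX_VALUE wrap negative. */
    static OptionalLong readField(Map<Integer, int[]> fields, byte[] rec, int type) {
        int[] f = fields.get(type);
        if (f == null) return OptionalLong.empty();
        if (f[1] < 1 || f[1] > 8 || f[0] > rec.length - f[1])
            throw new IllegalArgumentException("field " + type + " does not fit the record");
        long v = 0;
        for (int i = 0; i < f[1]; i++) v = (v << 8) | (rec[f[0] + i] & 0xFF);
        return OptionalLong.of(v);
    }
    public static void main(String[] args) {
        // Constructed template 263: src addr (8), dst addr (12), src port (7), dst port (11), 231, 232.
        short[] t = {263, 6, 8, 4, 12, 4, 7, 2, 11, 2, 231, 4, 232, 4};
        ByteBuffer tpl = ByteBuffer.allocate(t.length * 2);
        for (short s : t) tpl.putShort(s);
        tpl.flip();
        Map<Integer, int[]> fields = parseTemplate(tpl);
        // Constructed data record: 10.0.0.1:443 -> 10.0.0.2:51000, 1500 and 9000 octets.
        byte[] rec = ByteBuffer.allocate(20).put(new byte[] {10, 0, 0, 1, 10, 0, 0, 2})
                .putShort((short) 443).putShort((short) 51000).putInt(1500).putInt(9000).array();
        System.out.println("IN_BYTES present: " + readField(fields, rec, IN_BYTES).isPresent());
        System.out.println("initiator octets: " + readField(fields, rec, INITIATOR_OCTETS).getAsLong());
        System.out.println("responder octets: " + readField(fields, rec, RESPONDER_OCTETS).getAsLong());
    }
}
```

The template record here is the part that follows the template FlowSet header (FlowSet ID 0 and length); a collector has to cache one such map per exporter and template ID before it can decode data FlowSets.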