Of course, generally when you export flows from a BGP router with a full
table, it should already have ASNs populated.

If you have flow data with no ASN, probably the easiest way to fill it
in would be to script something with MaxMind's open source ASN data:

https://www.maxmind.com/en/open-source-data-and-api-for-ip-geolocation

I don't know off-hand of software that updates fields in nfdump files,
but there must be something out there, or some Perl or Python modules to
do so.

In the past, I've rolled my own ASN-to-prefix cross-ref by grabbing the
global routing table from a BGP router and then annotating it with the
ASN lists from cidr-report.org:


http://www.cidr-report.org/as2.0/autnums.html

which is linked from:
http://www.cidr-report.org/as2.0/


On 1/25/2018 5:37 AM, Leandro wrote:
> Hi guys, I'm trying to analyze incoming traffic from a specific ASN.
> I cannot filter this using source IP since this operator uses a lot
> of subnets (about 7k).
> My idea is to grab a flow file and insert the ASN for further
> analysis. Is there something for this?
> Any idea would help,
> Regards,
> Leo.
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
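
An added example, not part of the original thread: one way to script the ASN-to-prefix cross-reference described in the reply and use it to tag flow records with a source ASN by longest-prefix match. The prefix list format, the CSV flow layout and all function names are assumptions; the addresses and ASNs are constructed from documentation ranges.

```python
import csv
import io
import ipaddress

# Constructed samples: prefix/origin-ASN pairs and flow records (not real nfdump output).
PREFIXES = """\
198.51.100.0/24 64500
198.51.100.128/25 64501
203.0.113.0/24 64500
2001:db8::/32 64502
"""
FLOWS = """\
src,dst,bytes
198.51.100.10,192.0.2.1,1200
198.51.100.200,192.0.2.1,800
203.0.113.7,192.0.2.1,500
2001:db8::1,2001:db8:ffff::1,300
192.0.2.99,192.0.2.1,100
"""

def load_prefixes(text):
    """Return {(ip_version, prefixlen): {network_as_int: asn}}."""
    table = {}
    for line in text.strip().splitlines():
        prefix, asn = line.split()
        net = ipaddress.ip_network(prefix)
        table.setdefault((net.version, net.prefixlen), {})[int(net.network_address)] = int(asn)
    return table

def lookup_asn(table, addr):
    """Longest-prefix match, most specific first; 0 means no covering prefix."""
    ip = ipaddress.ip_address(addr)
    bits = ip.max_prefixlen
    for plen in range(bits, -1, -1):
        nets = table.get((ip.version, plen), {})
        masked = (int(ip) >> (bits - plen)) << (bits - plen)
        if masked in nets:
            return nets[masked]
    return 0

def annotate(flows_text, table):
    """Add a src_as column to each flow record."""
    rows = list(csv.DictReader(io.StringIO(flows_text)))
    for row in rows:
        row["src_as"] = lookup_asn(table, row["src"])
    return rows

def bytes_from_asn(rows, asn):
    return sum(int(r["bytes"]) for r in rows if r["src_as"] == asn)
```

With thousands of prefixes per operator, the per-length dictionaries keep each lookup to a bounded number of hash probes instead of a scan over every subnet.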

