Hi Alan, thanks for the response.
I think the most difficult part of this is how to insert the ASN number in the flow data structure. First I need to read the data file, then iterate over all flows (perhaps using the pcap library?), then take the IPs involved in the flow and insert their ASN. The idea is that this modification allows us to keep using nfsen graphics and filter for further analysis. I think it is necessary to have a very deep knowledge of the necessary development tools. Do you know of some tool / API to analyze and edit the flow data file at a higher level?
Thanks,
Leo.





On 26/01/18 00:08, Alan Whinery wrote:
Of course, generally when you export flows from a BGP router with a full
table, it should already have ASNs populated.

If you have flow data with no ASN, probably the easiest way to fill it
in would be to script something with MaxMind's open source ASN data:

https://www.maxmind.com/en/open-source-data-and-api-for-ip-geolocation

I don't know off-hand of software that updates fields in nfdump files,
but there must be something out there, or some Perl or Python modules to
do so.

In the past, I've rolled my own ASN-to-prefix cross-ref by grabbing the
global routing table from a BGP router and then annotating it with the
asn lists from cidr-report.org:


http://www.cidr-report.org/as2.0/autnums.html

which is linked from:
http://www.cidr-report.org/as2.0/


On 1/25/2018 5:37 AM, Leandro wrote:
Hi guys, I'm trying to analyze incoming traffic from a specific ASN.
I cannot filter this using source IP since this operator uses a lot
of subnets (about 7k).
My idea is to grab a flow file and insert the ASN for further
analysis. Is there something about this?
Any idea would help,
Regards ,
Leo.


------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
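
The prefix-to-ASN cross-reference discussed in this thread comes down to a longest-prefix match per flow address. The sketch below is an added example, not code from either poster or from nfdump/nfsen; it assumes the flows have already been exported to plain (source, destination, bytes) records, and the prefix table, ASNs and flows are constructed sample data. It does not read or modify nfdump binary files.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-ASN table (documentation prefixes, private-use ASNs).
PREFIX_TABLE = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("198.51.100.128/25", 64502),   # more specific, must win over the /24
    ("2001:db8::/32", 64500),
    ("2001:db8:ff00::/40", 64503),
]

# Constructed flow records: (src_ip, dst_ip, bytes).
FLOWS = [
    ("198.51.100.10", "192.0.2.5", 1200),
    ("198.51.100.200", "192.0.2.5", 800),
    ("203.0.113.9", "192.0.2.5", 500),      # source prefix not in the table
    ("2001:db8:ff01::1", "2001:db8::1", 300),
]

def build_index(table):
    """Map (IP version, prefix length) -> {network address as int: ASN}."""
    index = defaultdict(dict)
    for cidr, asn in table:
        net = ipaddress.ip_network(cidr)
        index[(net.version, net.prefixlen)][int(net.network_address)] = asn
    return dict(index)

def lookup_asn(index, ip):
    """Longest-prefix match; returns 0 when no prefix covers the address."""
    addr = ipaddress.ip_address(ip)
    bits, value = addr.max_prefixlen, int(addr)
    lengths = sorted((l for v, l in index if v == addr.version), reverse=True)
    for plen in lengths:
        mask = ((1 << plen) - 1) << (bits - plen)
        asn = index[(addr.version, plen)].get(value & mask)
        if asn is not None:
            return asn
    return 0

def annotate(flows, index):
    """Attach source and destination ASN to each flow record."""
    return [{"src": s, "dst": d, "bytes": b,
             "src_as": lookup_asn(index, s), "dst_as": lookup_asn(index, d)}
            for s, d, b in flows]

def bytes_from_asn(flows, index, asn):
    """Total bytes whose source address belongs to the given ASN."""
    return sum(f["bytes"] for f in annotate(flows, index) if f["src_as"] == asn)

INDEX = build_index(PREFIX_TABLE)
```

With about 7k prefixes for one operator, the per-length dictionaries keep each lookup to a handful of hash probes instead of a scan over every subnet.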
