Merge pull request netobserv#1 from richb-hanover/master

Create better mock data
memodi · Jun 27, 2017 · 6ddf70f · 6ddf70f
2 parents 0469202 + 2bca96c
commit 6ddf70f
Show file tree

Hide file tree

Showing 3 changed files with 327 additions and 209 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,10 @@
-## Usage
+# Usage - nflow-generator
+
+This program generates mock netflow (v5) data that can be used to test netflow collector programs. 
+The program simulates a router that is exporting flow records to the collector.
+It is useful for determining whether the netflow collector is operating and/or receiving netflow datagrams.
+
+nflow-generator generates several netflow datagrams per second, each with 8 or 16 records for varying kinds of traffic (HTTP, SSH, SNMP, DNS, MySQL, and many others.)
 
 ### Docker Image Run (Easiest)
 
@@ -16,21 +22,34 @@ docker run -it --rm networkstatic/nflow-generator -t <ip> -p <port>
 
 ### Build
 
-Install [Go](http://golang.org/doc/install)
+Install [Go](http://golang.org/doc/install), then:
 
-	git clone https://github.com/nerdalert/nflow-generator.git
+	git clone https://github.com/nerdalert/nflow-generator.git -or -
+	git clone https://github.com/richb-hanover/nflow-generator.git
 	cd <dir>
 	go build
 
 Go build will leave a binary in the root directory that can be run.
 
 ### RUN
 
-Feed it the target collector and port:
+Feed it the target collector and port, and optional "false-index" flag:
+
+	./nflow-generator -t <ip> -p <port> [ -f | --false-index ]
 
-	./nflow-generator -t <ip> -p <port>
+### Update - May 2017
 
-Or:
+The original mock netflow generator placed random values in several fields which confused 
+certain netflow collectors that complained about inaccurate time stamps, 
+and were confused by the random values sent in the input and output interface fields. This update:
 
-	go run nflow-generator.go nflow_logger.go nflow_data.go  -t 172.16.86.138 -p 9995
+* Sets the `SysUptime`, `unix_secs`, and `unix_nsecs` fields of the Netflow datagrams to sensible (UTC) values
+* Generates a unique `flow_sequence` value for each netflow datagram
+* Creates reasonable start/stop times for flows, so the First is set to (now-X) and Last to (now-Y), where X & Y are random times, and X > Y.
+* If the --false-index (-f) flag is set on the command line, 
+use this algorithm to set the interface indexes to 1 or 2:
+If the source address > dest address, input interface is set to 1, and set to 2 otherwise,
+and the output interface is set to the opposite value.
+If the -f is missing, both snmp interface indexes will be set to 0. [Default]
 
+To learn more about Netflow version 5 datagram formats, see the [Cisco Netflow documentation](http://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html)
diff --git a/nflow-generator.go b/nflow-generator.go
@@ -35,7 +35,8 @@ var opts struct {
 	CollectorIP   string `short:"t" long:"target" description:"target ip address of the netflow collector"`
 	CollectorPort string `short:"p" long:"port" description:"port number of the target netflow collector"`
 	SpikeProto    string `short:"s" long:"spike" description:"run a second thread generating a spike for the specified protocol"`
-	Help          bool   `short:"h" long:"help" description:"show nflow-generator help"`
+    FalseIndex    bool   `short:"f" long:"false-index" description:"generate false SNMP interface indexes, otherwise set to 0"`
+    Help          bool   `short:"h" long:"help" description:"show nflow-generator help"`
 }
 
 func main() {
@@ -107,6 +108,9 @@ func showUsage() {
 Usage:
   main [OPTIONS] [collector IP address] [collector port number]
 
+  Send mock Netflow version 5 data to designated collector IP & port.
+  Time stamps in all datagrams are set to UTC.
+
 Application Options:
   -t, --target= target ip address of the netflow collector
   -p, --port=   port number of the target netflow collector
@@ -124,14 +128,23 @@ Application Options:
         https_alt - generates tcp/8080
         p2p - generates udp/6681
         bittorrent - generates udp/6682
+  -f, --false-index generate false snmp index values of 1 or 2: If the source address > dest address, input interface is set to 1, and set to 2 otherwise,
+and the output interface is set to the opposite value. Default in and out interface is 0. (Optional)
+
+Example Usage:
 
-Example:
-    -generate default flows:
-    ./nflow-generator.go -t 172.16.86.138 -p 9995
+    -first build from source (one time)
+    go build   
+
+    -generate default flows to device 172.16.86.138, port 9995
+    ./nflow-generator -t 172.16.86.138 -p 9995 
 
     -generate default flows along with a spike in the specified protocol:
     ./nflow-generator -t 172.16.86.138 -p 9995 -s ssh
 
+    -generate default flows with "false index" settings for snmp interfaces 
+    ./nflow-generator -t 172.16.86.138 -p 9995 -f
+
 Help Options:
   -h, --help    Show this help message
   `