Update README.md

memodi · Mar 14, 2019 · e5642a1 · e5642a1
1 parent a1cf3ee
commit e5642a1
Showing 1 changed file with 80 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -24,8 +24,7 @@ docker run -it --rm networkstatic/nflow-generator -t <ip> -p <port>
 
 Install [Go](http://golang.org/doc/install), then:
 
-	git clone https://github.com/nerdalert/nflow-generator.git -or -
-	git clone https://github.com/richb-hanover/nflow-generator.git
+	git clone https://github.com/nerdalert/nflow-generator.git 
 	cd <dir>
 	go build
 
@@ -37,6 +36,85 @@ Feed it the target collector and port, and optional "false-index" flag:
 
 	./nflow-generator -t <ip> -p <port> [ -f | --false-index ]
 
+### Test
+
+You can run a simple test collection using nfcapd from the nfdump package with the following.
+
+- Start a netflow collector
+
+```
+sudo apt-get install nfdump
+mkdir /tmp/nfcap-test
+nfcapd -E  -p 9001 -l /tmp/nfcap-test
+```
+
+In a seperate console, run the netflow-generator pointing at an IP on the host the collector is running on (in this case the VM has an IP of 192.168.1.113).
+
+```
+sudo docker run -it --rm networkstatic/nflow-generator -t 192.168.1.113 -p 9001
+```
+
+- You should start seeing records displayed to the output of the screen running nfcapd like the following.
+
+```
+$> nfcapd -E  -p 9001 -l /tmp/nfcap-test
+Add extension: 2 byte input/output interface index
+Add extension: 4 byte input/output interface index
+Add extension: 2 byte src/dst AS number
+Add extension: 4 byte src/dst AS number
+Bound to IPv4 host/IP: any, Port: 9001
+Startup.
+Init IPFIX: Max number of IPFIX tags: 62
+
+Flow Record:
+  Flags        =              0x00 FLOW, Unsampled
+  export sysid =                 1
+  size         =                56
+  first        =        1552592037 [2019-03-14 15:33:57]
+  last         =        1552592038 [2019-03-14 15:33:58]
+  msec_first   =               973
+  msec_last    =               414
+  src addr     =      112.10.20.10
+  dst addr     =     172.30.190.10
+  src port     =                40
+  dst port     =                80
+  fwd status   =                 0
+  tcp flags    =              0x00 ......
+  proto        =                 6 TCP
+  (src)tos     =                 0
+  (in)packets  =               792
+  (in)bytes    =                23
+  input        =                 0
+  output       =                 0
+  src as       =             48730
+  dst as       =             15401
+
+
+Flow Record:
+  Flags        =              0x00 FLOW, Unsampled
+  export sysid =                 1
+  size         =                56
+  first        =        1552592038 [2019-03-14 15:33:58]
+  last         =        1552592038 [2019-03-14 15:33:58]
+  msec_first   =               229
+  msec_last    =               379
+  src addr     =     192.168.20.10
+  dst addr     =     202.12.190.10
+  src port     =                40
+  dst port     =               443
+  fwd status   =                 0
+  tcp flags    =              0x00 ......
+  proto        =                 6 TCP
+  (src)tos     =                 0
+  (in)packets  =               599
+  (in)bytes    =               602
+  input        =                 0
+  output       =                 0
+  src as       =              1115
+  dst as       =             50617
+
+```
+
 ### Update - May 2017
 
 The original mock netflow generator placed random values in several fields which confused