The capture stream adds netflow v5 dumps to the server, when reading it from GO it is either simply impossible to read, because the first two bytes are not a version of netflow, or if I transfer the packet to 11 arrays, it gives the packet completely or also gives an error if it tries example output that should be, example output:
0.0.0.10
157.121.64.85
138.166.72.38
107.207.29.71
108.177.99.171
243.117.126.147
But netflow writes addresses in a dump which are behind NAT.
When working with flow-tools everything is displayed correctly, used various libraries to unmarshal into the structure, but the output is the same everywhere, the one indicated above.
go func() {
for f := range fileNamesCatalog{
file, err := ioutil.ReadFile(f)
if err != nil{
fmt.Errorf("Failed open file %v", f)
continue
}
decoder := netflow.NewDecoder(session.New())
body, err := decoder.Read(bytes.NewReader(file[11:]))
switch packet := body.(type) {
case *netflow5.Packet:
filter(packet,net.ParseIP("157.121.64.85"),packetsChannel)
}
}
}()
I am using two packages: https://github.com/tehmaze/netflow https://github.com/VerizonDigital/vflow
