{"id":27294494,"url":"https://github.com/nerdalert/nflow-generator","last_synced_at":"2025-04-11T22:53:16.298Z","repository":{"id":28083947,"uuid":"31581560","full_name":"nerdalert/nflow-generator","owner":"nerdalert","description":"NetFlow Generator for Testing Flow Collection Apps","archived":false,"fork":false,"pushed_at":"2023-02-22T17:20:17.000Z","size":2061,"stargazers_count":116,"open_issues_count":4,"forks_count":47,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-11T22:53:10.484Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"http-kit/http-kit","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nerdalert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-03T05:43:13.000Z","updated_at":"2025-03-18T11:18:20.000Z","dependencies_parsed_at":"2024-06-18T22:41:25.681Z","dependency_job_id":null,"html_url":"https://github.com/nerdalert/nflow-generator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Fnflow-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Fnflow-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Fnflow-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nerdalert%2Fnflow-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nerdalert","download_url
":"https://codeload.github.com/nerdalert/nflow-generator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248492951,"owners_count":21113162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-11T22:53:15.493Z","updated_at":"2025-04-11T22:53:16.289Z","avatar_url":"https://github.com/nerdalert.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Usage - nflow-generator\n\n[![nflow-generator image CI](https://github.com/nerdalert/nflow-generator/actions/workflows/image-build.yml/badge.svg)](https://github.com/nerdalert/nflow-generator/actions/workflows/image-build.yml)\n\nThis program generates mock netflow (v5) data that can be used to test netflow collector programs. \nThe program simulates a router that is exporting flow records to the collector.\nIt is useful for determining whether the netflow collector is operating and/or receiving netflow datagrams.\n\nnflow-generator generates several netflow datagrams per second, each with 8 or 16 records for varying kinds of traffic (HTTP, SSH, SNMP, DNS, MySQL, and many others.)\n\n### Docker Image Run (Easiest)\n\nSimply run in a container and pass any arguments at runtime. 
Below is an example passing the `--help` flag:\n\n```\ndocker run -it --rm networkstatic/nflow-generator --help\n# or podman/quay repos\npodman run -it --rm quay.io/networkstatic/nflow-generator --help\n```\n\nTo generate mock flow data simply add the target IP and port:\n\n```\ndocker run -it --rm networkstatic/nflow-generator -t \u003cip\u003e -p \u003cport\u003e\n# or podman/quay repos\npodman run -it --rm quay.io/networkstatic/nflow-generator -t \u003cip\u003e -p \u003cport\u003e\n```\n\n### Download the binary\n\nYou can download the Linux binary here [nflow-generator-x86_64-linux](https://github.com/nerdalert/nflow-generator/blob/master/binaries/nflow-generator-x86_64-linux).\n\n### Build\n\nInstall [Go](http://golang.org/doc/install), then:\n\n\tgit clone https://github.com/nerdalert/nflow-generator.git \n\tcd nflow-generator\n\tgo build\n\nGo build will leave a binary in the root directory that can be run.\n\t\n### RUN\n\nFeed it the target collector and port, and optional \"false-index\" flag:\n\n\t./nflow-generator -t \u003cip\u003e -p \u003cport\u003e [ -f | --false-index ]\n\n### Run a Test Collection\n\nYou can run a simple test collection using nfcapd from the nfdump package with the following.\n\n- Start a netflow collector\n\n```\nsudo apt-get install nfdump\nmkdir /tmp/nfcap-test\nnfcapd -E  -p 9001 -l /tmp/nfcap-test\n```\n\nIn a separate console, run the netflow-generator pointing at an IP on the host the collector is running on (in this case the VM has an IP of 192.168.1.113).\n\n```\nsudo docker run -it --rm networkstatic/nflow-generator -t 192.168.1.113 -p 9001\n```\n\n- You should start seeing records displayed to the output of the screen running nfcapd like the following.\n\n```\n$\u003e nfcapd -E  -p 9001 -l /tmp/nfcap-test\nAdd extension: 2 byte input/output interface index\nAdd extension: 4 byte input/output interface index\nAdd extension: 2 byte src/dst AS number\nAdd extension: 4 byte src/dst AS number\nBound to IPv4 host/IP: any, Port: 
9001\nStartup.\nInit IPFIX: Max number of IPFIX tags: 62\n\nFlow Record:\n  Flags        =              0x00 FLOW, Unsampled\n  export sysid =                 1\n  size         =                56\n  first        =        1552592037 [2019-03-14 15:33:57]\n  last         =        1552592038 [2019-03-14 15:33:58]\n  msec_first   =               973\n  msec_last    =               414\n  src addr     =      112.10.20.10\n  dst addr     =     172.30.190.10\n  src port     =                40\n  dst port     =                80\n  fwd status   =                 0\n  tcp flags    =              0x00 ......\n  proto        =                 6 TCP\n  (src)tos     =                 0\n  (in)packets  =               792\n  (in)bytes    =                23\n  input        =                 0\n  output       =                 0\n  src as       =             48730\n  dst as       =             15401\n\n\nFlow Record:\n  Flags        =              0x00 FLOW, Unsampled\n  export sysid =                 1\n  size         =                56\n  first        =        1552592038 [2019-03-14 15:33:58]\n  last         =        1552592038 [2019-03-14 15:33:58]\n  msec_first   =               229\n  msec_last    =               379\n  src addr     =     192.168.20.10\n  dst addr     =     202.12.190.10\n  src port     =                40\n  dst port     =               443\n  fwd status   =                 0\n  tcp flags    =              0x00 ......\n  proto        =                 6 TCP\n  (src)tos     =                 0\n  (in)packets  =               599\n  (in)bytes    =               602\n  input        =                 0\n  output       =                 0\n  src as       =              1115\n  dst as       =             50617\n\n```\n\n### Notes\n\nThe original mock netflow generator placed random values in several fields which confused \ncertain netflow collectors that complained about inaccurate time stamps, \nand were confused by the random values sent in the input and 
output interface fields. \n\nChanges:\n\n* Sets the `SysUptime`, `unix_secs`, and `unix_nsecs` fields of the Netflow datagrams to sensible (UTC) values\n* Generates a unique `flow_sequence` value for each netflow datagram\n* Creates reasonable start/stop times for flows, so the First is set to (now-X) and Last to (now-Y), where X \u0026 Y are random times, and X \u003e Y.\n* If the --false-index (-f) flag is set on the command line, \nuse this algorithm to set the interface indexes to 1 or 2:\nIf the source address \u003e dest address, input interface is set to 1, and set to 2 otherwise,\nand the output interface is set to the opposite value.\nIf the -f is missing, both snmp interface indexes will be set to 0. [Default]\n\nTo learn more about Netflow version 5 datagram formats, see the [Cisco Netflow documentation](http://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdalert%2Fnflow-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnerdalert%2Fnflow-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnerdalert%2Fnflow-generator/lists"}