Sharing my hands-on experience on some of the free NetFlow generators. I use Paessler NetFlow Generator
for quick test, Flowalyzer™ NetFlow Generator
for complicated flow creation and flowgen
for automated performance testing.
Screenshot:
Pros:
- Light weight tool works on Windows. (It worked on Windows 10)
- Easy configuration with the simple GUI. The flow interval is flexible - you can even specify less than a milliseconds and it is really useful for a quick performance testing.
Cons:
- Only supports v5 flow
- Some fields in a packet are missing. For example, it fills packet size field with zero and some of the NetFlow collector which checks each fields may discard the flows. eg.
Screenshot:
Pros:
- Supports v5/v9/IPFIX
- Works on Windows10
- Supports not only generator but listner, configuratior, trender, and communicator
- Supports detailed configuration
Cons:
- Flow Interval does not support less than a millisecond. Hard to use for a performance testing
Screenshot:
$ ./flowgen
Usage: flowgen [options] [flowrec-options] <collector>
options:
-n, --count <num>
-p, --port <num>
-V, --version <version>
-f, --flowrec <# of flow records in packet>
-d, --debug <debug level>
-N, --nosend
-h, --help
flowrec-options:
-w, --wait <wait time>
-i, --interval <interval>
--enginetype <engine type>
--engineid <engine id>
--srcaddr <src ip address>
--dstaddr <dst ip address>
--nexthop <nexthop ip address>
--inputif <input IfIndex>
--outputif <output IfIndex>
--packets <# of packets>
--octets <# of octets>
--firstseen <first seen>
--lastseen <last seen>
--srcport <src port>
--dstport <dst port>
--tcpflags <tcp flags>
--protocol <protocol number>
--tos <tos value>
--srcas <src AS#>
--dstas <dst AS#>
--srcmask <src subnet mask length>
--dstmask <dst subnet mask length>
Numbers can be expressed using the following meta characters:
111 (static)
111-222 (sequential)
111:222 (random)
100@70,200@20,300@10 (probabilistic)
Pros:
- Works on Unix :)
- Very much configurable
- Good for performance testing, autometed one.
Cons:
- Only supports v5 flow
Screenshot
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 10000 bigFlows.pcap
File Cache is enabled
Actual: 791615 packets (355417784 bytes) sent in 1.04 seconds.
Rated: 245153585.1 Bps, 1961.22 Mbps, 546025.73 pps
Flows: 40686 flows, 28063.64 fps, 791179 flow packets, 436 non-flow
Statistics for network device: eth0
Attempted packets: 791615
Successful packets: 791615
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 bigFlows.pcap
File Cache is enabled
Actual: 791615 packets (355417784 bytes) sent in 2.08 seconds.
Rated: 124999836.1 Bps, 999.99 Mbps, 278409.66 pps
Flows: 40686 flows, 14309.19 fps, 791179 flow packets, 436 non-flow
Statistics for network device: eth0
Attempted packets: 791615
Successful packets: 791615
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 bigFlows.pcap
File Cache is enabled
Actual: 7916150 packets (3554177840 bytes) sent in 28.04 seconds.
Rated: 124999915.2 Bps, 999.99 Mbps, 278409.83 pps
Flows: 40686 flows, 1430.92 fps, 7911790 flow packets, 4360 non-flow
Statistics for network device: eth0
Attempted packets: 7916150
Successful packets: 7916150
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 bigFlows.pcap
File Cache is enabled
Actual: 7916150 packets (3554177840 bytes) sent in 28.04 seconds.
Rated: 124999981.1 Bps, 999.99 Mbps, 278409.98 pps
Flows: 40686 flows, 1430.92 fps, 7911790 flow packets, 4360 non-flow
Statistics for network device: eth0
Attempted packets: 7916150
Successful packets: 7916150
Failed packets: 0
Truncated packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 smallFlows.pcapFlows.pcap
File Cache is enabled
Pros:
- Works on Unix :)
Cons:
- Need pcap file since it basically replays from a captured file