Comparing NetFlow generators

Sharing my hands-on experience with some of the free NetFlow generators. I use Paessler NetFlow Generator for quick tests, Flowalyzer™ NetFlow Generator for complicated flow creation, and flowgen for automated performance testing.

Screenshot:

image

Pros:

  • Lightweight tool that works on Windows (it worked on Windows 10).
  • Easy configuration with a simple GUI. The flow interval is flexible: you can even specify less than a millisecond, which is really useful for quick performance testing.

Cons:

  • Only supports v5 flow
  • Some fields in a packet are missing. For example, it fills the packet size field with zero, and some NetFlow collectors that check each field may discard the flows, e.g.
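
The kind of per-field check a strict collector applies, as an added example (not from the original gist or from any of the tools): it packs a NetFlow v5 datagram and lists the reasons it could be rejected. The specific rules (non-zero `dPkts`/`dOctets`, `Last` not before `First`) and the sample records are assumptions chosen for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record
MAX_RECORDS = 30                                     # v5 limit per datagram

# Constructed sample records (not captured from any generator).
GOOD = {"src": "10.0.0.1", "dst": "10.0.0.2", "pkts": 10, "octets": 5200,
        "first": 1000, "last": 2000, "sport": 40000, "dport": 443}
ZEROED = dict(GOOD, pkts=0, octets=0)                # counters left at zero


def build_v5(records, uptime_ms=60_000, unix_secs=1_600_000_000, seq=0):
    """Pack a v5 export datagram from record dicts."""
    out = [HEADER.pack(5, len(records), uptime_ms, unix_secs, 0, seq, 0, 0, 0)]
    for r in records:
        out.append(RECORD.pack(
            socket.inet_aton(r["src"]), socket.inet_aton(r["dst"]),
            socket.inet_aton("0.0.0.0"), 1, 2,          # nexthop, in/out ifIndex
            r["pkts"], r["octets"], r["first"], r["last"],
            r["sport"], r["dport"], 0, 0x18, 6, 0,      # pad, flags, TCP, tos
            0, 0, 24, 24, 0))                           # AS, masks, pad
    return b"".join(out)


def check_v5(datagram):
    """Return the reasons a strict collector could reject this datagram."""
    if len(datagram) < HEADER.size:
        return ["short header"]
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        return [f"version {version}, expected 5"]
    if not 1 <= count <= MAX_RECORDS:
        return [f"record count {count} out of range"]
    if len(datagram) != HEADER.size + count * RECORD.size:
        return ["length does not match record count"]
    issues = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        pkts, octets, first, last = f[5], f[6], f[7], f[8]
        if pkts == 0:
            issues.append(f"record {i}: dPkts is zero")
        if octets == 0:
            issues.append(f"record {i}: dOctets is zero")
        elif octets < pkts:
            issues.append(f"record {i}: dOctets smaller than dPkts")
        if last < first:
            issues.append(f"record {i}: Last precedes First")
    return issues
```

Calling `check_v5(build_v5([GOOD, ZEROED]))` flags only the second record; running the same check on a generator's output before a benchmark shows whether a collector would silently drop the test flows.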

Screenshot:

image

Pros:

  • Supports v5/v9/IPFIX
  • Works on Windows 10
  • Provides not only a generator but also a listener, configurator, trender, and communicator
  • Supports detailed configuration

Cons:

  • The flow interval cannot be set below a millisecond, which makes it hard to use for performance testing.

Screenshot:

$ ./flowgen
Usage: flowgen [options] [flowrec-options] <collector>
 options:
   -n, --count <num>
   -p, --port <num>
   -V, --version <version>
   -f, --flowrec <# of flow records in packet>
   -d, --debug <debug level>
   -N, --nosend
   -h, --help
 flowrec-options:
   -w, --wait <wait time>
   -i, --interval <interval>
   --enginetype <engine type>
   --engineid <engine id>
   --srcaddr <src ip address>
   --dstaddr <dst ip address>
   --nexthop <nexthop ip address>
   --inputif <input IfIndex>
   --outputif <output IfIndex>
   --packets <# of packets>
   --octets <# of octets>
   --firstseen <first seen>
   --lastseen <last seen>
   --srcport <src port>
   --dstport <dst port>
   --tcpflags <tcp flags>
   --protocol <protocol number>
   --tos <tos value>
   --srcas <src AS#>
   --dstas <dst AS#>
   --srcmask <src subnet mask length>
   --dstmask <dst subnet mask length>

  Numbers can be expressed using the following meta characters:
    111      (static)
    111-222  (sequential)
    111:222  (random)
    100@70,200@20,300@10   (probabilistic)

Pros:

  • Works on Unix :)
  • Very much configurable
  • Good for performance testing, especially automated testing.

Cons:

  • Only supports v5 flow

Screenshot:

root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 10000 bigFlows.pcap 
File Cache is enabled
Actual: 791615 packets (355417784 bytes) sent in 1.04 seconds.
Rated: 245153585.1 Bps, 1961.22 Mbps, 546025.73 pps
Flows: 40686 flows, 28063.64 fps, 791179 flow packets, 436 non-flow
Statistics for network device: eth0
	Attempted packets:         791615
	Successful packets:        791615
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 bigFlows.pcap 
File Cache is enabled
Actual: 791615 packets (355417784 bytes) sent in 2.08 seconds.
Rated: 124999836.1 Bps, 999.99 Mbps, 278409.66 pps
Flows: 40686 flows, 14309.19 fps, 791179 flow packets, 436 non-flow
Statistics for network device: eth0
	Attempted packets:         791615
	Successful packets:        791615
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 bigFlows.pcap 
File Cache is enabled
Actual: 7916150 packets (3554177840 bytes) sent in 28.04 seconds.
Rated: 124999915.2 Bps, 999.99 Mbps, 278409.83 pps
Flows: 40686 flows, 1430.92 fps, 7911790 flow packets, 4360 non-flow
Statistics for network device: eth0
	Attempted packets:         7916150
	Successful packets:        7916150
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 bigFlows.pcap 
File Cache is enabled
Actual: 7916150 packets (3554177840 bytes) sent in 28.04 seconds.
Rated: 124999981.1 Bps, 999.99 Mbps, 278409.98 pps
Flows: 40686 flows, 1430.92 fps, 7911790 flow packets, 4360 non-flow
Statistics for network device: eth0
	Attempted packets:         7916150
	Successful packets:        7916150
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
root@tcpreplay:/tcpreplay# tcpreplay -i eth0 -K --mbps 1000 --loop 10 smallFlows.pcapFlows.pcap 
File Cache is enabled

Pros:

  • Works on Unix :)

Cons:

  • Needs a pcap file, since it basically replays from a captured file