I'm developing a tool that captures every UDP packet passing through my firewall (an OpenBSD 5.4, simulated by a virtual machine), but I'm having trouble extracting the information I need from these packets.
My code is basically:
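    // Fragment from inside a method; url, user and password are defined elsewhere
    import java.io.IOException;
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    import java.net.InetAddress;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;
    import java.util.Arrays;

    try
    {
        DatagramSocket serverSocket = new DatagramSocket(9876);
        byte[] receiveData = new byte[1024];
        DatagramPacket receivePacket = new DatagramPacket(receiveData, receiveData.length);
        serverSocket.receive(receivePacket);
        // Only the first getLength() bytes of the buffer belong to this datagram
        byte[] payload = Arrays.copyOf(receivePacket.getData(), receivePacket.getLength());
        String sentence = new String(payload);
        InetAddress IPAddress = receivePacket.getAddress();
        Connection conn = DriverManager.getConnection(url, user, password);
        String sql = "INSERT INTO tabela_netflow (fluxo) values (?)";
        PreparedStatement statement = conn.prepareStatement(sql);
        statement.setBytes(1, payload);
        int row = statement.executeUpdate();
        if (row > 0)
        {
            // Concatenating a byte[] directly prints only its object reference
            System.out.println("Pacote salvo:" + Arrays.toString(payload));
        }
    } catch (SQLException ex)
    {
        ex.printStackTrace();
    } catch (IOException ex)
    {
        // The DatagramSocket constructor and receive() throw IOException subclasses
        ex.printStackTrace();
    }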
The code works (the packets are being properly saved in the database); the problem is that I cannot see the contents of the packets (I believe because they are in binary). Here is what I see when I click on "open value in editor" in MySQL:
The netflow header has a known format, that is, it is possible to know the fields and how many bytes each takes, the format of the header is this: Netflow Header
My database table is very simple: it only has code and flow, where flow is a varbinary(10000), i.e., I'm first saving the whole stream, but I want to get and save each header field in a variable in the database, in order to be able to manipulate it later. Does anyone have any idea how I could get the information that is in this packet? I believe all the information is in receivePacket.getData(); however, I cannot figure out how to separate the correct bytes to get the information contained in the header.
Keep in mind that it is a packet in the NetFlow format; if you have a client that sends an ordinary packet (code very similar to this usually sends a string to the collector), receivePacket.getData() will have the value of the String sent, that is, it is not the case that fits my problem.
Can anyone help me?
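
An added example, not part of the original post: one way to split the header fields out of the received bytes with java.nio.ByteBuffer, rejecting datagrams whose length or record count does not fit. It assumes the exporter sends NetFlow version 5 (24-byte header, 48-byte records, big-endian fields); the class, record and method names are hypothetical and the sample bytes are constructed.

```java
import java.nio.ByteBuffer;

public class NetflowV5HeaderDemo { // hypothetical name; needs Java 16+ for records
    static final int V5_HEADER_LEN = 24; // fixed size of a NetFlow v5 header
    static final int V5_RECORD_LEN = 48; // fixed size of each v5 flow record

    // Header fields, unsigned values widened so they never go negative.
    record V5Header(int version, int count, long sysUptimeMs, long unixSecs,
                    long unixNsecs, long flowSequence, int engineType,
                    int engineId, int samplingInterval) {}

    // Parse from the datagram's own bytes: data[offset .. offset+length).
    static V5Header parse(byte[] data, int offset, int length) {
        if (length < V5_HEADER_LEN)
            throw new IllegalArgumentException("datagram too short: " + length);
        // ByteBuffer reads big-endian (network byte order) by default.
        ByteBuffer buf = ByteBuffer.wrap(data, offset, length);
        int version = Short.toUnsignedInt(buf.getShort());
        if (version != 5)
            throw new IllegalArgumentException("not NetFlow v5: version " + version);
        int count = Short.toUnsignedInt(buf.getShort()); // flow records that follow
        // The count comes from the network: check it against what actually arrived.
        if (count < 1 || count > 30 || length < V5_HEADER_LEN + count * V5_RECORD_LEN)
            throw new IllegalArgumentException("bad record count: " + count);
        return new V5Header(version, count,
            Integer.toUnsignedLong(buf.getInt()),  // sys_uptime (ms since exporter boot)
            Integer.toUnsignedLong(buf.getInt()),  // unix_secs
            Integer.toUnsignedLong(buf.getInt()),  // unix_nsecs
            Integer.toUnsignedLong(buf.getInt()),  // flow_sequence
            Byte.toUnsignedInt(buf.get()),         // engine_type
            Byte.toUnsignedInt(buf.get()),         // engine_id
            Short.toUnsignedInt(buf.getShort()));  // sampling_interval
    }

    public static void main(String[] args) {
        // Constructed sample: 1024-byte receive buffer holding one 72-byte datagram
        // (24-byte header followed by one zeroed 48-byte flow record).
        byte[] receiveData = new byte[1024];
        ByteBuffer.wrap(receiveData)
            .putShort((short) 5).putShort((short) 1)      // version, count
            .putInt(360000).putInt(1388534400).putInt(0)  // uptime, secs, nsecs
            .putInt(42).put((byte) 0).put((byte) 0).putShort((short) 0);
        int receivedLength = 72; // in the collector: receivePacket.getLength()
        V5Header h = parse(receiveData, 0, receivedLength);
        System.out.println(h);
    }
}
```

In the collector the call would be parse(receivePacket.getData(), receivePacket.getOffset(), receivePacket.getLength()), after which each field can be bound to its own column with the PreparedStatement setters.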