Friday, 21 October 2022

How do I update specific Netflow v10/ IPFIX flow data fields in Python3 Scapy?

Scenario
I have a PCAP containing Netflow v10/ IPFIX data templates and data flows and would like to replay the PCAP. Before the packet is sent, I would like to update one of the flow data fields (i.e. startTime with the current time).


Current code
My current code is able to read the PCAP, grab the last layer (Netflowv10), create a socket and send the packet over the interface. The socket takes care of the Ethernet -> IP -> UDP layers, and the 'getlayer' function in Scapy preserves the Netflow v10 template & data flow layers as is from the donor PCAP.


Question
The issue I would like help with is: how do I update the startTime flow data field?


Code
I have only provided the Python3 code relating to the issue in scope for this question, relating to Scapy.

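from scapy.all import sniff
from scapy.layers.netflow import (
    NetflowDataflowsetV9,
    NetflowSession,
    netflowv9_defragment,
)

# pcap_file is the path to the donor PCAP (defined elsewhere in the script)
packets = sniff(session=NetflowSession, offline=open(pcap_file, "rb"))

for packet in packets:

    if packet.haslayer(NetflowDataflowsetV9):
        # This returns the NetflowDataflowset records key/value pairs
        flowset = netflowv9_defragment(packet[NetflowDataflowsetV9].records)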

Variable 'flowset' returns a list and isn't a callable object. Looking through Scapy's docs, there isn't a great deal of assistance provided.

Any pointers or suggestions would greatly be appreciated. Thank you in advance :)
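
Added example, not part of the original question and not Scapy code: a byte-level way to rewrite the start time in an IPFIX (NetFlow v10) message using only `struct`, following the RFC 7011 layout of message header, Template Sets (set ID 2) and Data Sets (set ID 256 and above). It assumes the post's "startTime" is the IANA element flowStartSeconds (ID 150, 4 bytes); the function names and the sample message are constructed for illustration.

```python
import struct

FLOW_START_SECONDS = 150  # assumed IE for the post's "startTime" (IANA IPFIX registry)

def parse_templates(body, templates):
    """Record (element id, length) pairs for each template in a Template Set body."""
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        if tid < 256:                      # trailing padding, not a template record
            break
        off += 4
        fields = []
        for _ in range(count):
            ie, length = struct.unpack_from("!HH", body, off)
            off += 8 if ie & 0x8000 else 4  # enterprise bit adds a 4-byte PEN
            fields.append((ie, length))     # enterprise IEs keep bit 15, so never == 150
        templates[tid] = fields

def rewrite_start_time(msg, new_start, templates=None):
    """Return (patched message, records changed); pass one dict to keep templates across calls."""
    templates = {} if templates is None else templates
    out = bytearray(msg)
    version, total = struct.unpack_from("!HH", out, 0)
    if version != 10 or total > len(out):
        raise ValueError("not a complete IPFIX message")
    off, patched = 16, 0                   # sets begin after the 16-byte message header
    while off + 4 <= total:
        set_id, set_len = struct.unpack_from("!HH", out, off)
        if set_len < 4 or off + set_len > total:
            raise ValueError("bad set length")
        end = off + set_len
        if set_id == 2:
            parse_templates(bytes(out[off + 4:end]), templates)
        fields = templates.get(set_id, []) if set_id >= 256 else []
        rec_len = sum(length for _, length in fields)
        # Variable-length fields (65535) need per-record parsing; such sets are skipped.
        if rec_len and all(length != 0xFFFF for _, length in fields):
            for pos in range(off + 4, end - rec_len + 1, rec_len):
                for ie, length in fields:
                    if ie == FLOW_START_SECONDS and length == 4:
                        struct.pack_into("!I", out, pos, new_start)
                        patched += 1
                    pos += length
        off = end
    return bytes(out), patched

def build_sample():
    """Constructed message: template 256 (srcIPv4, flowStartSeconds, octets) + 2 records."""
    tmpl = struct.pack("!HHHH6H", 2, 20, 256, 3, 8, 4, 150, 4, 1, 8)
    recs = b"".join(struct.pack("!4sIQ", bytes([10, 0, 0, i + 1]), 1000 + i, 42) for i in range(2))
    data = struct.pack("!HH", 256, 4 + len(recs)) + recs
    return struct.pack("!HHIII", 10, 16 + len(tmpl) + len(data), 1000, 0, 1) + tmpl + data
```

Because a Data Set can only be decoded with its template, the same `templates` dict has to be passed for every message of a capture when templates and data arrive in separate packets. The message length does not change, so no header or UDP length field needs recomputing beyond what the sending socket already handles.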



from How do I update specific Netflow v10/ IPFIX flow data fields in Python3 Scapy?
