Closed yusufozturk closed 1 year ago
lspgn
commented
1 year ago Hello Could you give me more information on what you mean by Application IDs. From my quick research it seems quite far from NetFlow/sFlow and I didn't find protocol info yet. So this may be out of scope. Do you have packet capture samples?
yusufozturk
commented
1 year ago I think this library already supports NBAR. When I did a quick look, I didn't see anything about NBAR, so I thought it does not support it.
If device supports NBAR, it sends the application id in the "Application ID" field, here is the Wireshark screenshot:
So it's 95 for Application ID. Here is the definition in this library:
So it's actually exist in the library but when I look at pb\flow.proto, I don't see Application ID. Is that a problem? I think I can use one of the CustomBytes for that, right?
Thanks for quick help btw.
lspgn
commented
1 year ago Yes you can use the special mapping (CustomBytes should work).
The library knows about those fields but they are not necessarily mapped.
You could also extend the proto and create a new integer for application ID but you still need to have the mapping. Unless you edit the producer files.
yusufozturk
commented
1 year ago Thanks, I will do that.
Hi! Thanks for this library :)
Is there any plan to add Cisco NBAR support to handle Application IDs in the future?
Thanks.