Question: can nfcapd collect flows on a TCP port ? #609
Comments
|
Well - IPFIX is not defined to be transported over TCP, as far as I know. However, you would need to change the socket code, in order to switch to TCP. Although this is not a big issue, you would need an exporter, which can send IPFIX over TCP. |
|
Thank you for your response! Yes I have an exporter sending IPFIX over TCP. |
Please have a look at the section Template Management in RFC7011. There are differences in the template management between TCP, SCTP and UDP as transport protocol. |
|
Thanks @matwei . I'll have a look at that. I real life, I have never came across to SCTP or TCP, as almost no one implements that. If I am going to implement other protocols, I need to be able to test all those scenarios properly. So far I have no SCTP or TCP exporter an my fingers. Any pointers are welcome! If it turns out, that SCTP or TCP is a need, I am happy to implement that. @nikita1211 Besides the socket code in nfnet.c, you need to change the data accept part in nfcapd.c - |
|
I also didn't see an IPFIX exporter using SCTP or TCP before. After some searching I found ipfixprobe from CESNET, that seems to be able to use tcp. |
Hi, I am looking for an IPFIX collector to receive traffic on a TCP port. I noticed that nfcapd uses a datagram socket to listen on a UDP port.
I want the channel to be a connection oriented one, any suggestions ? With socket changes will nfcapd be able to accept IPFIX traffic on a TCP port ?
Thank you!
The text was updated successfully, but these errors were encountered: