1f7d24e3fSHanoh Haim## This file is part of Scapy
2f7d24e3fSHanoh Haim## See http://www.secdev.org/projects/scapy for more informations
3f7d24e3fSHanoh Haim## Copyright (C) Philippe Biondi <phil@secdev.org>
4f7d24e3fSHanoh Haim## This program is published under a GPLv2 license
5f7d24e3fSHanoh Haim
6f7d24e3fSHanoh Haim"""
7f7d24e3fSHanoh HaimCisco NetFlow protocol v1
8f7d24e3fSHanoh Haim"""
9f7d24e3fSHanoh Haim
10f7d24e3fSHanoh Haim
11f7d24e3fSHanoh Haimfrom scapy.fields import *
12f7d24e3fSHanoh Haimfrom scapy.packet import *
13f7d24e3fSHanoh Haim
14f7d24e3fSHanoh Haim# Cisco Netflow Protocol version 1
15f7d24e3fSHanoh Haimclass NetflowHeader(Packet):
16f7d24e3fSHanoh Haim  name = "Netflow Header"
17f7d24e3fSHanoh Haim  fields_desc = [ ShortField("version", 1) ]
18f7d24e3fSHanoh Haim
19f7d24e3fSHanoh Haimclass NetflowHeaderV1(Packet):
20f7d24e3fSHanoh Haim  name = "Netflow Header V1"
21f7d24e3fSHanoh Haim  fields_desc = [ ShortField("count", 0),
22f7d24e3fSHanoh Haim          IntField("sysUptime", 0),
23f7d24e3fSHanoh Haim          IntField("unixSecs", 0),
24f7d24e3fSHanoh Haim          IntField("unixNanoSeconds", 0) ]
25f7d24e3fSHanoh Haim
26f7d24e3fSHanoh Haim
27f7d24e3fSHanoh Haimclass NetflowRecordV1(Packet):
28f7d24e3fSHanoh Haim  name = "Netflow Record"
29f7d24e3fSHanoh Haim  fields_desc = [ IPField("ipsrc", "0.0.0.0"),
30f7d24e3fSHanoh Haim          IPField("ipdst", "0.0.0.0"),
31f7d24e3fSHanoh Haim          IPField("nexthop", "0.0.0.0"),
32f7d24e3fSHanoh Haim          ShortField("inputIfIndex", 0),
33f7d24e3fSHanoh Haim          ShortField("outpuIfIndex", 0),
34f7d24e3fSHanoh Haim          IntField("dpkts", 0),
35f7d24e3fSHanoh Haim          IntField("dbytes", 0),
36f7d24e3fSHanoh Haim          IntField("starttime", 0),
37f7d24e3fSHanoh Haim          IntField("endtime", 0),
38f7d24e3fSHanoh Haim          ShortField("srcport", 0),
39f7d24e3fSHanoh Haim          ShortField("dstport", 0),
40f7d24e3fSHanoh Haim          ShortField("padding", 0),
41f7d24e3fSHanoh Haim          ByteField("proto", 0),
42f7d24e3fSHanoh Haim          ByteField("tos", 0),
43f7d24e3fSHanoh Haim          IntField("padding1", 0),
44f7d24e3fSHanoh Haim          IntField("padding2", 0) ]
45f7d24e3fSHanoh Haim
46f7d24e3fSHanoh Haim
47f7d24e3fSHanoh Haimbind_layers( NetflowHeader,  NetflowHeaderV1, version=1)
48f7d24e3fSHanoh Haimbind_layers( NetflowHeaderV1, NetflowRecordV1, )
49