Skip to content
/ sflow-packet-inspector Public

Parses sFlow log files looking for and flagging poorly constructed network traffic

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

andrewbonney/sflow-packet-inspector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
html
html
 
 
.flake8
.flake8
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
inspector.py
inspector.py
 
 

Repository files navigation

sFlow Packet Inspector

When run against a growing sFlow sampling file, this tool will attempt to identify cases of poorly constructed IP traffic.

This is intended for operation on small private networks.

Issues Detected

  • Sending to an incorrect MAC address for a given multicast IP
  • Sending to a multicast MAC address without a multicast IP
  • Sending to or from an all 0x00 MAC address
  • Sending to or from common testing MACs such as 'deadbeef'
  • Error and discard counts increasing on switch ports

TODO

  • Sending high volume multicast to groups not in the 232 or 239 ranges

Further issue detection may be added at a later date.

Requirements

  • Linux (untested on Windows and Mac)
  • Python 2.7

Usage

$ python inspector.py <sflow-filename>

About

Parses sFlow log files looking for and flagging poorly constructed network traffic

Topics

sflow multicast

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages