simulate
Simulates first N packets of new flow mirroring feature.
usage: python3 -m flow_models.first_mirror.simulate [-h]
[-i {csv_flow,pipe,nfcapd,binary}]
[-o {csv_series}]
[-O OUTPUT]
[--skip-in SKIP_IN]
[--count-in COUNT_IN]
[--skip-out SKIP_OUT]
[--count-out COUNT_OUT]
[--filter-expr FILTER_EXPR]
[--mirror MIRROR]
in_files [in_files ...]
Positional Arguments
- in_files
input files or directories
Named Arguments
- -i, --in-format
Possible choices: csv_flow, pipe, nfcapd, binary
format of input files
Default:
'nfcapd'- -o, --out-format
Possible choices: csv_series
format of output
Default:
'csv_series'- -O, --output
directory for output
Default:
'.'- --skip-in
number of flows to skip at the beginning of input
Default:
0- --count-in
limit for number of flows to read from input
- --skip-out
number of flows to skip after filtering
Default:
0- --count-out
limit for number of flows to output after filtering
- --filter-expr
expression of filter
- --mirror
mirror first N packets
Default:
0
This tool can be used to simulate first N packets of new flow mirroring feature.
To filter flow records, the filter expressions should be specified. Filter expression should use the Python syntax. Bitwise (&, |, ~) operators should be used instead logical ones (and, or, not). The following fields are available:
af, prot, inif, outif, sa0, sa1, sa2, sa3, da0, da1, da2, da3, sp, dp, first, first_ms, last, last_ms, packets, octets, aggs
Skipping of flow records can be done with skip_in, count_in, skip_out, count_out parameters. They specify how many flow records should be skipped (skip_in) and then read (count_in) from input and to be skipped (skip_out) and written (count_out) after filtering.
Example: (simulates mirroring of first 3 packets of a flow to control plane)
flow_models.first_mirror.simulate -i binary -O mirror_3 –mirror 3 sorted