Using LiveNX to Visualize flows during simulated network attacks (Over 40 routers)

netflow

#1

I am using 40+ Vyatta and 3 Cisco devices to simulate an enterprise network. I was handed LiveNX as a visualization tool that the stakeholders can use to see the flow from the attacker to the victim. This would be awesome IF netflow worked. I get flows, but they are disjointed in such a way that I cannot track flows through the routers from the attacker to the target. I can see the flows all the way through the Cisco and Check Point virtual devices.

I see temporary fixes for this back in 2015 and a request for enhancement at that time. However, it has not been added, and the workaround posted below did not seem to work for me.

I am attempting to modify this for a visual representation for the brass. Hopefully this is something that is coming? But are there any other tweaks that I could try to tie netflow end to end? Hopefully this makes sense?

VyOS 1.1.6

flow config

Jud


#2

Hello,
1.1.6 is very old.
You had better start looking into 1.2, as we are not going to do anything on 1.1.x.


#3

Yes, I see 1.2 is in beta and I am only a version or two behind the 1.1.8 stable release. That should not cause the issues, and I cannot update to a beta version as there is not time.


#4

There is a huge difference between 1.1.x and 1.2.x.


#5

Well, that was not the issue.

The issue is that the interface, either input or output, on every conversation is coming from or going to the null interface. The data coming into the collector from all the routers is tagged with either the incoming port or outgoing port as “Null 0”. How do I fix that? I tried with the latest and greatest and see no difference. How do I fix the traffic going out to the collector?