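const collector = require('./netflowv9.js');
const netmask = require('netmask').Netmask;
const mysql = require('mysql');

// Single MySQL connection shared by every translation insert in this file.
// The settings can be overridden from the environment so that credentials do
// not have to live in the source; each fallback is the original hard-coded value.
// NOTE(review): the fallback account is root with an empty password. This file
// only INSERTs into nat.nat_translations, so an account restricted to that
// privilege is sufficient and limits what a compromised collector can touch.
const connection = mysql.createConnection({
  host: process.env.NAT_DB_HOST || 'localhost',
  user: process.env.NAT_DB_USER || 'root',
  password: process.env.NAT_DB_PASSWORD || '',
  database: process.env.NAT_DB_NAME || 'nat',
});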
// Subnets (CIDR notation) whose translations should be logged.
// Add further entries to the list to log more source ranges.
const blocks = ['100.64.200.0/24'].map(function (cidr) {
  return new netmask(cidr);
});
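/**
 * Insert one NAT translation row into nat_translations.
 *
 * All values are handed to the driver as bound parameters instead of being
 * concatenated into the statement: the addresses and ports originate from
 * flow records received over the network, so they must never be able to
 * change the shape of the SQL.
 *
 * @param {number} unixTime - export time taken from the flow record header
 * @param {string} lanSrcAddr - pre-NAT (LAN) source IPv4 address
 * @param {number} lanSrcPort - pre-NAT source port
 * @param {string} postNatSrcAddr - post-NAT source IPv4 address
 * @param {number} postNatSrcPort - post-NAT source port
 * @param {string} dstAddr - destination IPv4 address
 * @param {number} dstPort - destination port
 */
function logTranslation(unixTime, lanSrcAddr, lanSrcPort,
    postNatSrcAddr, postNatSrcPort, dstAddr, dstPort) {
  // Positional VALUES list: the order below has to match the column order of
  // the nat_translations table, exactly as the original statement assumed.
  const sql = 'INSERT INTO nat_translations VALUES '
    + '(?, INET_ATON(?), ?, INET_ATON(?), ?, INET_ATON(?), ?)';
  const values = [
    unixTime,
    lanSrcAddr,
    lanSrcPort,
    postNatSrcAddr,
    postNatSrcPort,
    dstAddr,
    dstPort,
  ];

  connection.query(sql, values, function (err) {
    // Best effort: a failed insert is reported but does not stop the collector.
    if (err) {
      console.error('error logging translation: ' + err.stack);
    }
  });
}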
// Handle each decoded flow record: for every TCP flow whose LAN source address
// lies inside one of the configured subnets, store the NAT translation.
// NOTE(review): the collector listens on port 3241 and NetFlow v9 has no sender
// authentication, so whoever can reach that port can create log rows. Presumably
// the socket is UDP on all interfaces; confirm in netflowv9.js and restrict the
// port to the exporter's address at the firewall.
collector(function (flowrecord) {
  const unixTime = flowrecord.header.seconds;
  const flows = flowrecord.flows;

  for (const key in flows) {
    const f = flows[key];

    // IP protocol number 6 is TCP; other protocols are not logged.
    if (f.protocol != 6) {
      continue;
    }

    const src = f.ipv4_src_addr;
    const isNat = blocks.some(function (subnet) {
      return subnet.contains(src);
    });
    if (!isNat) {
      continue;
    }

    const natSrcAddr = f.postNATSourceIPv4Address;
    // Skip records whose post-NAT source equals the LAN source; the original
    // author observed these and had not determined the cause.
    if (src == natSrcAddr) {
      continue;
    }

    const dst = f.ipv4_dst_addr;
    const dstPort = f.l4_dst_port;
    const srcPort = f.l4_src_port;
    const natSrcPort = f.postNAPTSourceTransportPort;

    logTranslation(unixTime, src, srcPort, natSrcAddr, natSrcPort, dst, dstPort);
  }
}).listen(3241);
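// On SIGINT, close the database connection and only then exit.
// The mysql driver's end() runs the queries that are already queued before it
// sends the quit packet and invokes its callback. Exiting right after calling
// end() would discard inserts that are still pending, leaving gaps in the
// translation log.
process.on('SIGINT', function () {
  connection.end(function (err) {
    if (err) {
      console.error('error closing database connection: ' + err.stack);
    }
    // Non-zero status when the connection could not be closed cleanly.
    process.exit(err ? 1 : 0);
  });
});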