RubyGems - logstash-codec-netflow - Versions diffs - 4.1.0 → 4.1.1 - Mend

logstash-codec-netflow 4.1.0 → 4.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/CONTRIBUTORS +1 -0
data/docs/index.asciidoc +8 -6
data/lib/logstash/codecs/netflow.rb +151 -80
data/logstash-codec-netflow.gemspec +1 -1
data/spec/codecs/benchmarks/flowStartMilliseconds.rb +73 -0
data/spec/codecs/benchmarks/ipfix_bench_sonicwall.py +209 -0
data/spec/codecs/benchmarks/ipfix_bench_yaf.py +1078 -0
metadata +161 -153

data/spec/codecs/benchmarks/ipfix_bench_yaf.py ADDED

@@ -0,0 +1,1078 @@
+#!/usr/bin/env python2
+import socket
+import sys
+import time
+# IPFIX template
+tpl = "000a03605b6cb59300008a310000000000020228c013000600b80004800e000100001ad7800f000100001ad7c00e000100001ad7c00f000100001ad780b8000400007279c015001781f6000800001ad781f7000800001ad781f8000800001ad700df000481f4000400001ad781f5000400001ad781fe000400001ad781f9000200001ad781fa000200001ad781fc000200001ad781fb000100001ad700d20001c1f6000800001ad7c1f7000800001ad7c1f8000800001ad780df000400007279c1f4000400001ad7c1f5000400001ad7c1fe000400001ad7c1f9000200001ad7c1fa000200001ad7c1fc000200001ad700d20002b301000e0098000800990008005500040056000400080004000c000400070002000b00028028000200001ad70004000100880001003a0002000500010125ffffc01800028012ffff00001ad7c012ffff00001ad7b80000270098000800990008005500088055000800007279005600088056000800007279000100088001000800007279000200088002000800007279001b0010001c001000080004000c000400070002000b00028028000200001ad7c028000200001ad7000400010088000100d200028015000400001ad700b8000480b8000400007279800e000100001ad7800f000100001ad7c00e000100001ad7c00f000100001ad7003a0002803a000200007279000a0004000e000400050001800500010000727900460003004700030048000300d200050125ffffc003000300b80004800e000100001ad7800f000100001ad70003007cd000000e000200a00008002a0008005600080087000800a4000800a700088064000400001ad78065000400001ad78068000400001ad78069000400001ad700820004009000048066000400001ad78067000400001ad7d001000400028227000200001ad78228000200001ad78226000400001ad70124ffff000200acd00200020090000401420004c00400020038000600500006c005000b81f6000800001ad781f7000800001ad781f8000800001ad700df000481f4000400001ad781f5000400001ad781fe000400001ad781f9000200001ad781fa000200001ad781fc000200001ad781fb000100001ad7c00900058121000800001ad78122000400001ad78123000200001ad78124000100001ad78125000100001ad7c00800018012ffff00001ad7".decode("hex")
+'''
+Cisco NetFlow/IPFIX
+    Version: 10
+    Length: 864
+    Timestamp: Aug  9, 2018 15:43:47.000000000 MDT
+        ExportTime: 1533851027
+    FlowSequence: 35377
+    Observation Domain Id: 0
+    Set 1 [id=2] (Data Template): 49171,49173,45825,49176,47104,49155
+        FlowSet Id: Data Template (V10 [IPFIX]) (2)
+        FlowSet Length: 552
+        Template (Id = 49171, Count = 6)
+            Template Id: 49171
+            Field Count: 6
+            Field (1/6): TCP_SEQ_NUM
+                0... .... .... .... = Pen provided: No
+                .000 0000 1011 1000 = Type: TCP_SEQ_NUM (184)
+                Length: 4
+            Field (2/6):  14 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1110 = Type: 14 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (3/6):  15 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1111 = Type: 15 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (4/6): 16398 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0000 1110 = Type: 16398 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (5/6): 16399 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0000 1111 = Type: 16399 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (6/6): TCP_SEQ_NUM [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 1011 1000 = Type: TCP_SEQ_NUM (184) [Reverse]
+                Length: 4
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+        Template (Id = 49173, Count = 23)
+            Template Id: 49173
+            Field Count: 23
+            Field (1/23): 502 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0110 = Type: 502 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (2/23): 503 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0111 = Type: 503 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (3/23): 504 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1000 = Type: 504 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (4/23): tcpUrgTotalCount
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 1111 = Type: tcpUrgTotalCount (223)
+                Length: 4
+            Field (5/23): 500 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0100 = Type: 500 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (6/23): 501 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0101 = Type: 501 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (7/23): 510 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1110 = Type: 510 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (8/23): 505 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1001 = Type: 505 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (9/23): 506 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1010 = Type: 506 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (10/23): 508 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1100 = Type: 508 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (11/23): 507 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1011 = Type: 507 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (12/23): paddingOctets
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 0010 = Type: paddingOctets (210)
+                Length: 1
+            Field (13/23): 16886 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 0110 = Type: 16886 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (14/23): 16887 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 0111 = Type: 16887 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (15/23): 16888 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 1000 = Type: 16888 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (16/23): tcpUrgTotalCount [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 1101 1111 = Type: tcpUrgTotalCount (223) [Reverse]
+                Length: 4
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (17/23): 16884 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 0100 = Type: 16884 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (18/23): 16885 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 0101 = Type: 16885 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (19/23): 16894 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 1110 = Type: 16894 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (20/23): 16889 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 1001 = Type: 16889 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (21/23): 16890 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 1010 = Type: 16890 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (22/23): 16892 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0001 1111 1100 = Type: 16892 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (23/23): paddingOctets
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 0010 = Type: paddingOctets (210)
+                Length: 2
+        Template (Id = 45825, Count = 14)
+            Template Id: 45825
+            Field Count: 14
+            Field (1/14): flowStartMilliseconds
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 1000 = Type: flowStartMilliseconds (152)
+                Length: 8
+            Field (2/14): flowEndMilliseconds
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 1001 = Type: flowEndMilliseconds (153)
+                Length: 8
+            Field (3/14): BYTES_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0101 = Type: BYTES_TOTAL (85)
+                Length: 4
+            Field (4/14): PACKETS_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0110 = Type: PACKETS_TOTAL (86)
+                Length: 4
+            Field (5/14): IP_SRC_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1000 = Type: IP_SRC_ADDR (8)
+                Length: 4
+            Field (6/14): IP_DST_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1100 = Type: IP_DST_ADDR (12)
+                Length: 4
+            Field (7/14): L4_SRC_PORT
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0111 = Type: L4_SRC_PORT (7)
+                Length: 2
+            Field (8/14): L4_DST_PORT
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1011 = Type: L4_DST_PORT (11)
+                Length: 2
+            Field (9/14):  40 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0010 1000 = Type: 40 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (10/14): PROTOCOL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0100 = Type: PROTOCOL (4)
+                Length: 1
+            Field (11/14): flowEndReason
+                0... .... .... .... = Pen provided: No
+                .000 0000 1000 1000 = Type: flowEndReason (136)
+                Length: 1
+            Field (12/14): SRC_VLAN
+                0... .... .... .... = Pen provided: No
+                .000 0000 0011 1010 = Type: SRC_VLAN (58)
+                Length: 2
+            Field (13/14): IP_TOS
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0101 = Type: IP_TOS (5)
+                Length: 1
+            Field (14/14): subTemplateMultiList
+                0... .... .... .... = Pen provided: No
+                .000 0001 0010 0101 = Type: subTemplateMultiList (293)
+                Length: 65535 [i.e.: "Variable Length"]
+        Template (Id = 49176, Count = 2)
+            Template Id: 49176
+            Field Count: 2
+            Field (1/2):  18 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0001 0010 = Type: 18 [pen: CERT Coordination Center]
+                Length: 65535 [i.e.: "Variable Length"]
+                PEN: CERT Coordination Center (6871)
+            Field (2/2): 16402 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0001 0010 = Type: 16402 [pen: CERT Coordination Center]
+                Length: 65535 [i.e.: "Variable Length"]
+                PEN: CERT Coordination Center (6871)
+        Template (Id = 47104, Count = 39)
+            Template Id: 47104
+            Field Count: 39
+            Field (1/39): flowStartMilliseconds
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 1000 = Type: flowStartMilliseconds (152)
+                Length: 8
+            Field (2/39): flowEndMilliseconds
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 1001 = Type: flowEndMilliseconds (153)
+                Length: 8
+            Field (3/39): BYTES_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0101 = Type: BYTES_TOTAL (85)
+                Length: 8
+            Field (4/39): BYTES_TOTAL [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0101 0101 = Type: BYTES_TOTAL (85) [Reverse]
+                Length: 8
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (5/39): PACKETS_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0110 = Type: PACKETS_TOTAL (86)
+                Length: 8
+            Field (6/39): PACKETS_TOTAL [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0101 0110 = Type: PACKETS_TOTAL (86) [Reverse]
+                Length: 8
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (7/39): BYTES
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0001 = Type: BYTES (1)
+                Length: 8
+            Field (8/39): BYTES [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 0001 = Type: BYTES (1) [Reverse]
+                Length: 8
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (9/39): PKTS
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0010 = Type: PKTS (2)
+                Length: 8
+            Field (10/39): PKTS [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 0010 = Type: PKTS (2) [Reverse]
+                Length: 8
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (11/39): IPV6_SRC_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0001 1011 = Type: IPV6_SRC_ADDR (27)
+                Length: 16
+            Field (12/39): IPV6_DST_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0001 1100 = Type: IPV6_DST_ADDR (28)
+                Length: 16
+            Field (13/39): IP_SRC_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1000 = Type: IP_SRC_ADDR (8)
+                Length: 4
+            Field (14/39): IP_DST_ADDR
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1100 = Type: IP_DST_ADDR (12)
+                Length: 4
+            Field (15/39): L4_SRC_PORT
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0111 = Type: L4_SRC_PORT (7)
+                Length: 2
+            Field (16/39): L4_DST_PORT
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1011 = Type: L4_DST_PORT (11)
+                Length: 2
+            Field (17/39):  40 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0010 1000 = Type: 40 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (18/39): 16424 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0010 1000 = Type: 16424 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (19/39): PROTOCOL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0100 = Type: PROTOCOL (4)
+                Length: 1
+            Field (20/39): flowEndReason
+                0... .... .... .... = Pen provided: No
+                .000 0000 1000 1000 = Type: flowEndReason (136)
+                Length: 1
+            Field (21/39): paddingOctets
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 0010 = Type: paddingOctets (210)
+                Length: 2
+            Field (22/39):  21 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0001 0101 = Type: 21 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (23/39): TCP_SEQ_NUM
+                0... .... .... .... = Pen provided: No
+                .000 0000 1011 1000 = Type: TCP_SEQ_NUM (184)
+                Length: 4
+            Field (24/39): TCP_SEQ_NUM [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 1011 1000 = Type: TCP_SEQ_NUM (184) [Reverse]
+                Length: 4
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (25/39):  14 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1110 = Type: 14 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (26/39):  15 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1111 = Type: 15 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (27/39): 16398 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0000 1110 = Type: 16398 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (28/39): 16399 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .100 0000 0000 1111 = Type: 16399 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (29/39): SRC_VLAN
+                0... .... .... .... = Pen provided: No
+                .000 0000 0011 1010 = Type: SRC_VLAN (58)
+                Length: 2
+            Field (30/39): SRC_VLAN [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0011 1010 = Type: SRC_VLAN (58) [Reverse]
+                Length: 2
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (31/39): INPUT_SNMP
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1010 = Type: INPUT_SNMP (10)
+                Length: 4
+            Field (32/39): OUTPUT_SNMP
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 1110 = Type: OUTPUT_SNMP (14)
+                Length: 4
+            Field (33/39): IP_TOS
+                0... .... .... .... = Pen provided: No
+                .000 0000 0000 0101 = Type: IP_TOS (5)
+                Length: 1
+            Field (34/39): IP_TOS [Reverse]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 0101 = Type: IP_TOS (5) [Reverse]
+                Length: 1
+                PEN: IPFIX Reverse Information Element Private Enterprise (29305)
+            Field (35/39): MPLS_LABEL_1
+                0... .... .... .... = Pen provided: No
+                .000 0000 0100 0110 = Type: MPLS_LABEL_1 (70)
+                Length: 3
+            Field (36/39): MPLS_LABEL_2
+                0... .... .... .... = Pen provided: No
+                .000 0000 0100 0111 = Type: MPLS_LABEL_2 (71)
+                Length: 3
+            Field (37/39): MPLS_LABEL_3
+                0... .... .... .... = Pen provided: No
+                .000 0000 0100 1000 = Type: MPLS_LABEL_3 (72)
+                Length: 3
+            Field (38/39): paddingOctets
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 0010 = Type: paddingOctets (210)
+                Length: 5
+            Field (39/39): subTemplateMultiList
+                0... .... .... .... = Pen provided: No
+                .000 0001 0010 0101 = Type: subTemplateMultiList (293)
+                Length: 65535 [i.e.: "Variable Length"]
+        Template (Id = 49155, Count = 3)
+            Template Id: 49155
+            Field Count: 3
+            Field (1/3): TCP_SEQ_NUM
+                0... .... .... .... = Pen provided: No
+                .000 0000 1011 1000 = Type: TCP_SEQ_NUM (184)
+                Length: 4
+            Field (2/3):  14 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1110 = Type: 14 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (3/3):  15 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0000 1111 = Type: 15 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+    Set 2 [id=3] (Options Template): 53248,53249
+        FlowSet Id: Options Template (V10 [IPFIX]) (3)
+        FlowSet Length: 124
+        Options Template (Id = 53248) (Scope Count = 2; Data Count = 12)
+            Template Id: 53248
+            Total Field Count: 14
+            Scope Field Count: 2
+            Field (1/2) [Scope]: systemInitTimeMilliseconds
+                0... .... .... .... = Pen provided: No
+                .000 0000 1010 0000 = Type: systemInitTimeMilliseconds (160)
+                Length: 8
+            Field (2/2) [Scope]: TOTAL_FLOWS_EXP
+                0... .... .... .... = Pen provided: No
+                .000 0000 0010 1010 = Type: TOTAL_FLOWS_EXP (42)
+                Length: 8
+            Field (1/12): PACKETS_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0110 = Type: PACKETS_TOTAL (86)
+                Length: 8
+            Field (2/12): DROPPED_PACKETS_TOTAL
+                0... .... .... .... = Pen provided: No
+                .000 0000 1000 0111 = Type: DROPPED_PACKETS_TOTAL (135)
+                Length: 8
+            Field (3/12): ignoredPacketTotalCount
+                0... .... .... .... = Pen provided: No
+                .000 0000 1010 0100 = Type: ignoredPacketTotalCount (164)
+                Length: 8
+            Field (4/12): notSentPacketTotalCount
+                0... .... .... .... = Pen provided: No
+                .000 0000 1010 0111 = Type: notSentPacketTotalCount (167)
+                Length: 8
+            Field (5/12): 100 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 0100 = Type: 100 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (6/12): 101 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 0101 = Type: 101 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (7/12): 104 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 1000 = Type: 104 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (8/12): 105 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 1001 = Type: 105 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (9/12): exporterIPv4Address
+                0... .... .... .... = Pen provided: No
+                .000 0000 1000 0010 = Type: exporterIPv4Address (130)
+                Length: 4
+            Field (10/12): FLOW_EXPORTER
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 0000 = Type: FLOW_EXPORTER (144)
+                Length: 4
+            Field (11/12): 102 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 0110 = Type: 102 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (12/12): 103 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0110 0111 = Type: 103 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+        Options Template (Id = 53249) (Scope Count = 2; Data Count = 2)
+            Template Id: 53249
+            Total Field Count: 4
+            Scope Field Count: 2
+            Field (1/2) [Scope]: 551 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0010 0010 0111 = Type: 551 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (2/2) [Scope]: 552 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0010 0010 1000 = Type: 552 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (1/2): 550 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0010 0010 0110 = Type: 550 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (2/2): subTemplateList
+                0... .... .... .... = Pen provided: No
+                .000 0001 0010 0100 = Type: subTemplateList (292)
+                Length: 65535 [i.e.: "Variable Length"]
+    Set 3 [id=2] (Data Template): 53250,49156,49157,49161,49160
+        FlowSet Id: Data Template (V10 [IPFIX]) (2)
+        FlowSet Length: 172
+        Template (Id = 53250, Count = 2)
+            Template Id: 53250
+            Field Count: 2
+            Field (1/2): FLOW_EXPORTER
+                0... .... .... .... = Pen provided: No
+                .000 0000 1001 0000 = Type: FLOW_EXPORTER (144)
+                Length: 4
+            Field (2/2): observationTimeSeconds
+                0... .... .... .... = Pen provided: No
+                .000 0001 0100 0010 = Type: observationTimeSeconds (322)
+                Length: 4
+        Template (Id = 49156, Count = 2)
+            Template Id: 49156
+            Field Count: 2
+            Field (1/2): SRC_MAC
+                0... .... .... .... = Pen provided: No
+                .000 0000 0011 1000 = Type: SRC_MAC (56)
+                Length: 6
+            Field (2/2): DESTINATION_MAC
+                0... .... .... .... = Pen provided: No
+                .000 0000 0101 0000 = Type: DESTINATION_MAC (80)
+                Length: 6
+        Template (Id = 49157, Count = 11)
+            Template Id: 49157
+            Field Count: 11
+            Field (1/11): 502 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0110 = Type: 502 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (2/11): 503 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0111 = Type: 503 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (3/11): 504 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1000 = Type: 504 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (4/11): tcpUrgTotalCount
+                0... .... .... .... = Pen provided: No
+                .000 0000 1101 1111 = Type: tcpUrgTotalCount (223)
+                Length: 4
+            Field (5/11): 500 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0100 = Type: 500 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (6/11): 501 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 0101 = Type: 501 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (7/11): 510 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1110 = Type: 510 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (8/11): 505 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1001 = Type: 505 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (9/11): 506 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1010 = Type: 506 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (10/11): 508 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1100 = Type: 508 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (11/11): 507 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 1111 1011 = Type: 507 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+        Template (Id = 49161, Count = 5)
+            Template Id: 49161
+            Field Count: 5
+            Field (1/5): 289 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 0010 0001 = Type: 289 [pen: CERT Coordination Center]
+                Length: 8
+                PEN: CERT Coordination Center (6871)
+            Field (2/5): 290 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 0010 0010 = Type: 290 [pen: CERT Coordination Center]
+                Length: 4
+                PEN: CERT Coordination Center (6871)
+            Field (3/5): 291 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 0010 0011 = Type: 291 [pen: CERT Coordination Center]
+                Length: 2
+                PEN: CERT Coordination Center (6871)
+            Field (4/5): 292 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 0010 0100 = Type: 292 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+            Field (5/5): 293 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0001 0010 0101 = Type: 293 [pen: CERT Coordination Center]
+                Length: 1
+                PEN: CERT Coordination Center (6871)
+        Template (Id = 49160, Count = 1)
+            Template Id: 49160
+            Field Count: 1
+            Field (1/1):  18 [pen: CERT Coordination Center]
+                1... .... .... .... = Pen provided: Yes
+                .000 0000 0001 0010 = Type: 18 [pen: CERT Coordination Center]
+                Length: 65535 [i.e.: "Variable Length"]
+                PEN: CERT Coordination Center (6871)
+'''
+data = "000a05875b6b68f5000088b200000000b30105770000015ded6dc31a0000015ded6dc32b00000528000000080ac8c91d12dcd028ad96005000000603000000ff000b03c003000a38334ace02190000015ded6dc31a0000015ded6dc32b000009b70000000712dcd0280ac8c91d0050ad9600000603000000ff000b03c003000a1745a14812190000015ded6dd6b80000015ded6dd6c300000528000000080ac8c91d12dcd028ad98005000000603000000ff000b03c003000a85b1530202190000015ded6dd6b90000015ded6dd6c3000009b70000000712dcd0280ac8c91d0050ad9800000603000000ff000b03c003000a3f3b674812190000015ded6dea500000015ded6dea5b00000531000000080ac8c91d12dcd028ad9a005000000603000000ff000b03c003000a026c56b402190000015ded6dea510000015ded6dea5b000009b70000000712dcd0280ac8c91d0050ad9a00000603000000ff000b03c003000acb867d0e12190000015ded6dfde80000015ded6dfdf200000531000000080ac8c91d12dcd028ad9c005000000603000000ff000b03c003000acb4dc8f502190000015ded6dfde90000015ded6dfdf2000009b70000000712dcd0280ac8c91d0050ad9c00000603000000ff000b03c003000a74f818c812190000015ded6e11800000015ded6e119400000528000000080ac8c91d12dcd028ad9e005000000603000000ff000b03c003000a929f7b7402190000015ded6e11800000015ded6e1194000009b70000000712dcd0280ac8c91d0050ad9e00000603000000ff000b03c003000ac86498bf12190000015ded6e25210000015ded6e252f0000052d000000080ac8c91d12dcd028ada0005000000603000000ff000b03c003000adbea55d802190000015ded6e25220000015ded6e252f000009b70000000712dcd0280ac8c91d0050ada000000603000000ff000b03c003000a886d0ec012190000015ded6e38b90000015ded6e38c400000528000000080ac8c91d12dcd028ada2005000000603000000ff000b03c003000a3dae2bc102190000015ded6e38ba0000015ded6e38c4000009b70000000712dcd0280ac8c91d0050ada200000603000000ff000b03c003000a452f533212190000015ded6e4c510000015ded6e4c6400000528000000080ac8c91d12dcd028ada4005000000603000000ff000b03c003000a0dbf625a02190000015ded6e4c510000015ded6e4c64000009b70000000712dcd0280ac8c91d0050ada400000603000000ff000b03c003000a3e60ed8012190000015ded69afe90000015ded69afe900000164000000010ac8c9010ac8c91d00000303000001010000c0ff0001030000015ded69afe80000015ded69bb7700000290000000020ac8c91d0ac8c9010044004300011101000000ff0001030000015ded69bb770000015ded69bb7700000166000000010ac8c9010ac8c91d0043004400001101000010ff0001030000015ded6e5fed0000015ded6e5ff800000528000000080ac8c91d12dcd028ada6005000000603000000ff000b03c003000a396b41ae02190000015ded6e5fee0000015ded6e5ff8000009b70000000712dcd0280ac8c91d0050ada600000603000000ff000b03c003000ae064716712190000015ded6e73860000015ded6e73980000052d000000080ac8c91d12dcd028ada8005000000603000000ff000b03c003000a2d7a9ea002190000015ded6e73860000015ded6e7398000009b70000000712dcd0280ac8c91d0050ada800000603000000ff000b03c003000ad64507af12190000015ded6e87250000015ded6e87300000052d000000080ac8c91d12dcd028adaa005000000603000000ff000b03c003000ae954052702190000015ded6e87260000015ded6e8730000009b70000000712dcd0280ac8c91d0050adaa00000603000000ff000b03c003000a4d792e001219".decode("hex")
+'''
+Cisco NetFlow/IPFIX
+    Version: 10
+    Length: 1415
+    Timestamp: Aug  8, 2018 16:04:37.000000000 MDT
+        ExportTime: 1533765877
+    FlowSequence: 34994
+    Observation Domain Id: 0
+    Set 1 [id=45825] (25 flows)
+        FlowSet Id: (Data) (45825)
+        FlowSet Length: 1399
+        [Template Frame: 214138]
+        Flow 1
+            [Duration: 0.017000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:42:59.866000000 MDT
+                EndTime: Aug 16, 2017 17:42:59.883000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44438
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 38 33 4a ce 02 19
+                String_len_short: 255
+                String_len_short: 11
+        Flow 2
+            [Duration: 0.017000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:42:59.866000000 MDT
+                EndTime: Aug 16, 2017 17:42:59.883000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44438
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 17 45 a1 48 12 19
+                String_len_short: 255
+                String_len_short: 11
+        Flow 3
+            [Duration: 0.011000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:04.888000000 MDT
+                EndTime: Aug 16, 2017 17:43:04.899000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44440
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 85 b1 53 02 02 19
+        Flow 4
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:04.889000000 MDT
+                EndTime: Aug 16, 2017 17:43:04.899000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44440
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 3f 3b 67 48 12 19
+        Flow 5
+            [Duration: 0.011000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:09.904000000 MDT
+                EndTime: Aug 16, 2017 17:43:09.915000000 MDT
+            Permanent Octets: 1329
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44442
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 02 6c 56 b4 02 19
+        Flow 6
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:09.905000000 MDT
+                EndTime: Aug 16, 2017 17:43:09.915000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44442
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a cb 86 7d 0e 12 19
+        Flow 7
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:14.920000000 MDT
+                EndTime: Aug 16, 2017 17:43:14.930000000 MDT
+            Permanent Octets: 1329
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44444
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a cb 4d c8 f5 02 19
+        Flow 8
+            [Duration: 0.009000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:14.921000000 MDT
+                EndTime: Aug 16, 2017 17:43:14.930000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44444
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 74 f8 18 c8 12 19
+        Flow 9
+            [Duration: 0.020000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:19.936000000 MDT
+                EndTime: Aug 16, 2017 17:43:19.956000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44446
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 92 9f 7b 74 02 19
+        Flow 10
+            [Duration: 0.020000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:19.936000000 MDT
+                EndTime: Aug 16, 2017 17:43:19.956000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44446
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a c8 64 98 bf 12 19
+        Flow 11
+            [Duration: 0.014000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:24.961000000 MDT
+                EndTime: Aug 16, 2017 17:43:24.975000000 MDT
+            Permanent Octets: 1325
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44448
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a db ea 55 d8 02 19
+        Flow 12
+            [Duration: 0.013000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:24.962000000 MDT
+                EndTime: Aug 16, 2017 17:43:24.975000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44448
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 88 6d 0e c0 12 19
+        Flow 13
+            [Duration: 0.011000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:29.977000000 MDT
+                EndTime: Aug 16, 2017 17:43:29.988000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44450
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 3d ae 2b c1 02 19
+        Flow 14
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:29.978000000 MDT
+                EndTime: Aug 16, 2017 17:43:29.988000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44450
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 45 2f 53 32 12 19
+        Flow 15
+            [Duration: 0.019000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:34.993000000 MDT
+                EndTime: Aug 16, 2017 17:43:35.012000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44452
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 0d bf 62 5a 02 19
+        Flow 16
+            [Duration: 0.019000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:34.993000000 MDT
+                EndTime: Aug 16, 2017 17:43:35.012000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44452
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 3e 60 ed 80 12 19
+        Flow 17
+            [Duration: 0.000000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:38:32.809000000 MDT
+                EndTime: Aug 16, 2017 17:38:32.809000000 MDT
+            Permanent Octets: 356
+            Permanent Packets: 1
+            SrcAddr: 10.200.201.1
+            DstAddr: 10.200.201.29
+            SrcPort: 0
+            DstPort: 771
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: ICMP (1)
+            Flow End Reason: Idle timeout (1)
+            Vlan Id: 0
+            IP ToS: 0xc0
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03
+        Flow 18
+            [Duration: 2.959000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:38:32.808000000 MDT
+                EndTime: Aug 16, 2017 17:38:35.767000000 MDT
+            Permanent Octets: 656
+            Permanent Packets: 2
+            SrcAddr: 10.200.201.29
+            DstAddr: 10.200.201.1
+            SrcPort: 68
+            DstPort: 67
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 01
+            Protocol: UDP (17)
+            Flow End Reason: Idle timeout (1)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03
+        Flow 19
+            [Duration: 0.000000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:38:35.767000000 MDT
+                EndTime: Aug 16, 2017 17:38:35.767000000 MDT
+            Permanent Octets: 358
+            Permanent Packets: 1
+            SrcAddr: 10.200.201.1
+            DstAddr: 10.200.201.29
+            SrcPort: 67
+            DstPort: 68
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: UDP (17)
+            Flow End Reason: Idle timeout (1)
+            Vlan Id: 0
+            IP ToS: 0x10
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03
+        Flow 20
+            [Duration: 0.011000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:40.013000000 MDT
+                EndTime: Aug 16, 2017 17:43:40.024000000 MDT
+            Permanent Octets: 1320
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44454
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 39 6b 41 ae 02 19
+        Flow 21
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:40.014000000 MDT
+                EndTime: Aug 16, 2017 17:43:40.024000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44454
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a e0 64 71 67 12 19
+        Flow 22
+            [Duration: 0.018000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:45.030000000 MDT
+                EndTime: Aug 16, 2017 17:43:45.048000000 MDT
+            Permanent Octets: 1325
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44456
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 2d 7a 9e a0 02 19
+        Flow 23
+            [Duration: 0.018000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:45.030000000 MDT
+                EndTime: Aug 16, 2017 17:43:45.048000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.40
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44456
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a d6 45 07 af 12 19
+        Flow 24
+            [Duration: 0.011000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:50.053000000 MDT
+                EndTime: Aug 16, 2017 17:43:50.064000000 MDT
+            Permanent Octets: 1325
+            Permanent Packets: 8
+            SrcAddr: 10.200.201.29
+            DstAddr: 18.220.208.40
+            SrcPort: 44458
+            DstPort: 80
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a e9 54 05 27 02 19
+        Flow 25
+            [Duration: 0.010000000 seconds (milliseconds)]
+                StartTime: Aug 16, 2017 17:43:50.054000000 MDT
+                EndTime: Aug 16, 2017 17:43:50.064000000 MDT
+            Permanent Octets: 2487
+            Permanent Packets: 7
+            SrcAddr: 18.220.208.4
+            DstAddr: 10.200.201.29
+            SrcPort: 80
+            DstPort: 44458
+            Enterprise Private entry: (CERT Coordination Center) Type 40: Value (hex bytes): 00 00
+            Protocol: TCP (6)
+            Flow End Reason: End of Flow detected (3)
+            Vlan Id: 0
+            IP ToS: 0x00
+            Enterprise Private entry: ((null)) Type 293: Value (hex bytes): 03 c0 03 00 0a 4d 79 2e 00 12 19
+'''
+host = sys.argv[1]
+port = 2055
+N = 150000
+flowsPerPacket = 25
+sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+sock.sendto(tpl, (host, port))
+time.sleep(0.2)
+ts = time.time()
+print("%d: started sending %d YAF flows in %d packets totaling %d bytes" % (ts,N*flowsPerPacket, N, N*len(data)))
+print("%d: flow size %d, packet size %d" % (ts, len(data) / flowsPerPacket, len(data)))
+for i in range(0, N):
+    sock.sendto(data, (host, port))