sales@gambitcomm.com   (603) 889 5100.
x
This website uses cookies. More info . That's Fine

Get Started

  Home / Get Started

Get started with the MIMIC NetFlow Simulator

MIMIC NetFlow Simulator is an optional MIMIC protocol module to simulate one or more NetFlow / IPFIX exporters.

It can be installed after the base MIMIC installation as below.

    Enable NetFlow in MIMIC

  1. At this point you should have MIMIC installed, and the MIMICview GUI running (see details) . If you don't have MIMICview running, please consult your license e-mail to get it installed and running.

  2. Check whether you already have NETFLOW enabled in MIMIC as shown in the Help -> About Mimic... dialog in MIMICview. It should be listed under Loaded protocols. If already there, then skip to step 7.

  3. Run Protocol Wizard using the Wizards -> Protocol Wizard menu in MIMICView (see details)

  4. Select NetFlow Simulator in Select Protocols dialog if not already selected. Press Next.

  5. Supply corresponding license keys from the license email in the Supply License Keys dialog. Then press Next.

  6. The Result Installing/Uninstalling Protocols dialog shows what got done. Press Finish to proceed. When the simulator restarts, you should have NetFlow enabled.

    Download optional sample NetFlow packages

  7. At this point, you should have NetFlow enabled in MIMIC as shown in the Help -> About Mimic... dialog in MIMICview. It should be listed under Loaded protocols. If not, send us the MIMIC log. (see details)

  8. Invoke the MIMICview Wizard -> Update menu to download and install NetFlow packages (see details)

  9. Check under the section Collections for NetFlow Packages. If not there, then it is already installed. Else, select it, and press Next to install.

    Firewall permission for www.gambitcomm.com , port 80 is needed to run the Update Wizard over the web.

    Please visit this link for alternative MIMIC update instructions in case you don't have Internet to use the Update Wizard over the web connection on the MIMIC system:

    http://www.mirror1.gambitcommunications.com/update/mibs/mimic-update-xxxx/

    where xxxx is current MIMIC version e.g. for 20.10 it is 2010

Advanced configuration

NetFlow packets are generated at most one every second by default, even if the dfs_interval value is less than 1000 msec in the corresponding agent NetFlow configuration file.

The rate can be increased to up to 1000 every second by having a config/netflow.cfg file in MIMIC install area (c:\Apps\Mimic.xxxx or /usr/local/mimic) with a line as below and dfs_interval value as 1 in the corresponding agent NetFlow configuration file:

timer_interval_in_msec = 1 

The MIMIC simulator must be restarted after creating the file and new log must show this line:

NETFLOW: timer_interval_in_msec = 1 (default 1000}

NOTE: This will impact performance of the simulator. Set this only if you need to generate messages more frequently than 1 every second.

Configuring a MIMIC agent as a NetFlow Exporter

  1. Restart MIMIC and select an agent in MIMICView. Stop it if it is already running. Invoke Edit -> Configure -> All dialog (see details) . In the Advanced tab select the check box labeled NETFLOW.

    A tab will appear, also labeled NETFLOW. Select it and use the browse button to select an existing NetFlow configuration file, for example sample_v9.cfg.

  2. Configure flow generation from the agent to a NetFlow collector using the provided Collector and Collector Port fields. The collector will accept space separated list of either IP addresses or node names as input (must be in DNS if a node name is used) (see details) .

  3. When the agent is started, NetFlow data will be exported from the agent as specified by the NetFlow configuration file. The IP addresses and protocol type information are randomized by the NetFlow Recorder and will not contain the exact data contained in the pcap input file.

    The configuration file is user-editable and conforms to the specifications of RFC3954 (Cisco Systems NetFlow Services Export Version 9). Reference this document for information about fields contained in the configuration file.

  4. To verify that NetFlow data is being exported from the MIMIC agent, select the agent, click the Statistics tool on the context menu, and check the NetFlow tab. Alternatively, or additionally, right click the agent and select Agent -> Trace -> NetFlow to enable protocol tracing in the user log. The log should show entries resembling the following:

    agent 7 trace enabled for NETFLOW
    
    NETFLOW[AGT=7]: sent to [192.9.200.45,2055]
    

  5. You can use Netflow Wizard (Wizard->Netflow menu) to create and edit the NetFlow configuration file (see details) .

    More

  6. Our videos page has many videos of NetFlow simulations.

  7. Please refer to the MIMIC Online Help topic Optional Protocol Modules -> MIMIC NETFLOW Protocol Module Guide for further guidance by invoking Help -> Contents menu in MIMICView for full details, or access it here .