Ethereal-dev: RE: [Ethereal-dev] Netflow v9 templates

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 2 Nov 2005 08:29:14 -0600
Motonori,

I understand your concern, but is it really an either/or question? Wouldn't it be possible to set up a Cisco template as a default option within the larger framework, maybe with an XML-ish syntax for field definitions? I know it's asking a lot, and I wish I had the programming skills to contribute myself. It's just frustrating to go from the nice v5 decodes to a hex blob in v9. Cisco is dropping v5 compatibility as they fix omissions in their Catalyst Netflow exports, so we are increasingly being forced into v9. Hard to believe Cisco would change the default v9 format suddenly; their own Netflow collector is too fragile, let alone all the third-party tools they would break.

Thanks,

Paul

-----Original Message-----
From: Motonori Shindo [mailto:mshindo@xxxxxxxxxxx]
Sent: Tuesday, November 01, 2005 8:05 PM
To: ethereal-dev@xxxxxxxxxxxx; Sellnow, Paul
Subject: Re: [Ethereal-dev] Netflow v9 templates


Paul,

From: <paul.sellnow@xxxxxxx>
Subject: [Ethereal-dev] Netflow v9 templates
Date: Tue, 1 Nov 2005 10:20:21 -0600

> Is it possible to enhance the Netflow v9 dissector so that if no specific template record is found, a default template would be applied in the detail pane as a best effort to decode the flow records?

That's technically doable. However, the question is how to determine
such a "default" template. We may be able to choose the one used by
the seemingly most common NetFlow V9 exporter (Cisco?), but I am
personally a bit reluctant to take this approach because Cisco may change
the template they use without any notice, or other vendors may become
more prevalent than Cisco, etc.

An ideal approach would be to allow users to define an arbitrary template
that'll be applied to a data flowset not defined in any template
flowset. This is flexible but will require much more work (e.g. define
a notation to express a template and parse it accordingly, etc.)

Regards,

---
Motonori Shindo
Fivefront Corporation
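
The fallback discussed in this thread, as an added example (not from either message and not Ethereal's dissector code): a NetFlow v9 parser that decodes a data flowset with the exporter's template when one was seen, otherwise with a user-supplied default, and refuses the default when its record size does not fit the flowset. DEFAULT_TEMPLATE, the function names and the sample packet are assumptions constructed for illustration; the field type numbers follow RFC 3954.

```python
import ipaddress
import struct

FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",  # RFC 3954
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}   # field types

def decode_record(raw, template):
    """Decode one data record using a template: list of (field_type, length)."""
    out, off = {}, 0
    for ftype, flen in template:
        val, name = raw[off:off + flen], FIELD_NAMES.get(ftype, f"type_{ftype}")
        is_ip = ftype in (8, 12) and flen == 4
        out[name] = str(ipaddress.IPv4Address(val)) if is_ip else int.from_bytes(val, "big")
        off += flen
    return out

def parse_v9(pkt, default_template=None):
    """Return (records, notes); unknown template IDs fall back to default_template."""
    if len(pkt) < 20 or struct.unpack_from("!H", pkt)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, records, notes, off = {}, [], [], 20  # flowsets follow the 20-byte header
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            return records, notes + [f"bad flowset length {fs_len} at offset {off}"]
        body, p = pkt[off + 4:off + fs_len], 0
        while fs_id == 0 and p + 4 <= len(body):  # template flowset
            tid, n = struct.unpack_from("!HH", body, p)
            if tid < 256 or p + 4 + 4 * n > len(body):
                break  # padding or truncated template record
            templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i) for i in range(n)]
            p += 4 + 4 * n
        if fs_id > 255:  # data flowset: its ID names the template to use
            tmpl = templates.get(fs_id) or default_template
            if fs_id not in templates:
                notes.append(f"flowset {fs_id}: no template, default {'used' if tmpl else 'unset'}")
            size = sum(flen for _, flen in tmpl or [])
            if size and len(body) % size <= 3:  # only alignment padding may be left over
                for i in range(0, len(body) - size + 1, size):
                    records.append(decode_record(body[i:i + size], tmpl))
            elif size:
                notes.append(f"flowset {fs_id}: template does not fit, left undecoded")
        off += fs_len
    return records, notes

# Constructed sample: v9 header plus data flowset 260 (one record), no template flowset.
# DEFAULT_TEMPLATE is a hypothetical user-supplied layout, not any vendor's actual one.
DEFAULT_TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)]
RECORD = bytes([10, 0, 0, 1, 192, 0, 2, 7]) + struct.pack("!HHBII", 51000, 443, 6, 12, 3400)
SAMPLE = struct.pack("!HHIIIIHH", 9, 1, 0, 0, 1, 0, 260, 28) + RECORD + bytes(3)
```

The notes list is what a display would use to mark a record as a best-effort decode rather than one backed by the exporter's own template.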
