Ethereal-users: Re: [Ethereal-users] sniffing NetFlow Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Motonori Shindo <mshindo@xxxxxxxxxxx>
Date: Tue, 27 Jan 2004 13:05:11 +0900 (JST)
Nadeem,

From: "Nadeem Lughmani" <nlughman@xxxxxxxxxxxxxxxxxxx>
Subject: [Ethereal-users] sniffing NetFlow Packets
Date: Mon, 26 Jan 2004 19:48:02 -0800

> I am using Ethereal version 0.9.16. When I capture NetFlow packets, they are not decoded; they
> are simply shown as UDP packets. I have read that Ethereal supports NetFlow packets.
> Any idea what is going on here?

Cisco's NetFlow doesn't have a standard port number. Instead, it is
usually configured explicitly on both the probe device (i.e. routers,
switches, etc.) and the collector.

To have Ethereal dissect the packet as NetFlow, you have to
instruct Ethereal which port number is being used for NetFlow. You can
do this by selecting CFLOW from the protocols listed in 'Analyze' ->
'Decode As' (this menu item may not exist in the location described
in the Ethereal you're using, but you can easily find it somewhere
else in the menu).

Regards,
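
Because NetFlow has no fixed port, a capture-processing script can recognize an export by its structure instead of its port. The following is an added example, not part of the original message and not Ethereal code; it goes beyond the reply by assuming the NetFlow v5 layout (24-byte header, 48-byte records, at most 30 records per datagram), and the function names and sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 layout (assumed here): 24-byte header, then 1..30 records of 48 bytes.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30

def looks_like_netflow_v5(payload: bytes) -> bool:
    """Structural check on a UDP payload, independent of the port number."""
    if len(payload) < HEADER.size:
        return False
    version, count = struct.unpack_from("!HH", payload)
    expected = HEADER.size + count * RECORD.size
    return version == 5 and 1 <= count <= MAX_RECORDS and len(payload) == expected

def parse_netflow_v5(payload: bytes) -> list[dict]:
    """Return one dict per flow record; raise ValueError on anything malformed."""
    if not looks_like_netflow_v5(payload):
        raise ValueError("not a well-formed NetFlow v5 export")
    count = HEADER.unpack_from(payload)[1]
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(payload, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.ip_address(f[0])),
            "dst": str(ipaddress.ip_address(f[1])),
            "packets": f[5], "octets": f[6],
            "src_port": f[9], "dst_port": f[10], "protocol": f[12],
        })
    return flows

# Constructed sample datagram: one TCP flow, 10.0.0.1:51514 -> 192.0.2.7:443.
SAMPLE = HEADER.pack(5, 1, 1000, 1075176311, 0, 42, 0, 0, 0) + RECORD.pack(
    ipaddress.ip_address("10.0.0.1").packed,
    ipaddress.ip_address("192.0.2.7").packed,
    bytes(4), 1, 2, 12, 3400, 500, 900, 51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)

if __name__ == "__main__":
    print(parse_netflow_v5(SAMPLE))
```

The length check is what keeps the heuristic from matching arbitrary UDP traffic that happens to start with the bytes 0x0005.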