Ethereal-users: Re: [Ethereal-users] sinffing NetFlow Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 26 Jan 2004 20:14:24 -0800

On Jan 26, 2004, at 7:48 PM, Nadeem Lughmani wrote:
I am using ethereal version 0.9.16. When I capture NetFlow packets , they are not decoded , they are simply shown as udp packets. I have read that ethereal supports NetFlow packets. 

It does.


Any idea what is going on here..?
You have to configure the NetFlow dissector to specify the UDP port being used for NetFlow traffic. The default is 2055; if another port is being used, you have to change the port - select "Preferences" from the "Edit" menu, open up the "Protocols" list, select "CFLOW" ("Cisco NetFlow"), change the "NetFlow UDP Port" setting, and click "Apply" if you only want it to change for the current Ethereal session or click "Save" and then "Apply" if you want to make it a permanent setting for yourself.