Ethereal-users: Re: [Ethereal-users] sniffing NetFlow Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stef <stefmit@xxxxxxxxxxx>
Date: Tue, 27 Jan 2004 08:10:56 -0600
This begs another question (as I never thought of it before :)) - I am using right now, on my Linux box, a very neat Netflow collector and analyzer, from http://netflow.cesnet.sz, and I am very pleased with it. Once I read this thread, though, I ran my Ethereal, on the same box, and was able to "see" the Netflow packets properly decoded as CFLOW ... my question is: what would you do with those in Ethereal? Does anybody here imply (by the nature of the original question) that Ethereal has the capability of - also - analyzing these flows? I know it does properly show in the data payload what flow belongs to what "conversation" ... but I am not sure what else would be useful from Ethereal?!?

Thx,
Stef


On Jan 26, 2004, at 10:14 PM, Guy Harris wrote:

> On Jan 26, 2004, at 7:48 PM, Nadeem Lughmani wrote:
>
>> I am using ethereal version 0.9.16. When I capture NetFlow packets, they are not decoded, they are simply shown as udp packets. I have read that ethereal supports NetFlow packets.
>
> It does.
>
>> Any idea what is going on here..?
>
> You have to configure the NetFlow dissector to specify the UDP port being used for NetFlow traffic. The default is 2055; if another port is being used, you have to change the port - select "Preferences" from the "Edit" menu, open up the "Protocols" list, select "CFLOW" ("Cisco NetFlow"), change the "NetFlow UDP Port" setting, and click "Apply" if you only want it to change for the current Ethereal session or click "Save" and then "Apply" if you want to make it a permanent setting for yourself.

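When NetFlow exports show up as plain UDP, as in the question quoted above, one way to find the port to enter in the CFLOW preference is to test each UDP payload against the NetFlow layout. The sketch below is an added example, not part of the original thread or of Ethereal's code; it assumes the exporter sends NetFlow version 5 (24-byte header, 48-byte records), and the function names, port 9996 and the sample datagrams are constructed for illustration.

```python
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_netflow_v5(payload):
    """Return the flows in a well-formed v5 export datagram, else None."""
    if len(payload) < V5_HEADER.size:
        return None
    version, count = V5_HEADER.unpack_from(payload)[:2]
    # v5 carries 1..30 fixed-size records, so the length must match exactly.
    if version != 5 or not 1 <= count <= 30:
        return None
    if len(payload) != V5_HEADER.size + count * V5_RECORD.size:
        return None
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(payload, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13],
                      "packets": f[5], "bytes": f[6]})
    return flows

def candidate_netflow_ports(datagrams):
    """Count well-formed v5 exports per UDP destination port, most frequent first."""
    hits = Counter(port for port, payload in datagrams
                   if parse_netflow_v5(payload) is not None)
    return hits.most_common()

def sample_export():
    """Constructed one-record v5 export (documentation addresses, made-up counters)."""
    header = V5_HEADER.pack(5, 1, 1000, 1075212656, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
        socket.inet_aton("0.0.0.0"), 1, 2, 12, 3400, 100, 900,
        51515, 80, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

# Constructed capture: (UDP destination port, payload) pairs.
SAMPLE = [(9996, sample_export()), (9996, sample_export()),
          (53, b"\xab\xcd\x01\x00" + bytes(24)),   # not NetFlow: version field is not 5
          (2055, sample_export()[:40])]            # truncated export is rejected

if __name__ == "__main__":
    for port, n in candidate_netflow_ports(SAMPLE):
        print(f"UDP port {port}: {n} datagram(s) parse as NetFlow v5")
```

A port reported here is the value to put in the "NetFlow UDP Port" setting described in the reply above.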