Ethereal-users: Re: [Ethereal-users] sniffing NetFlow Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 27 Jan 2004 15:08:58 -0800
On Tue, Jan 27, 2004 at 08:10:56AM -0600, Stef wrote:
> This begs another question (as I never thought of it before :)) - I am 
> using right now, on my Linux box, a very neat Netflow collector and 
> analyzer, from http://netflow.cesnet.sz, and I am very pleased with it. 
> Once I read this thread, though, I ran my Ethereal, on the same box, 
> and was able to "see" the Netflow packets properly decoded as CFLOW ... 
> my question is: what would you do with those in Ethereal? Does anybody
> here imply (by the nature of the original question) that Ethereal has 
> the capability of - also - analyzing these flows?

Ethereal "understands" NetFlow to the same extent that it understands
the other protocols for which it has dissectors.  It doesn't take
NetFlow traffic and analyze the flows being reported by that traffic,
just as it doesn't take, for example, HTTP traffic containing GIFs or
JPEGs and display the pictures.

Somebody who wanted to could perhaps write a tap to analyze the NetFlow
traffic.
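
The distinction drawn in the reply above, as an added example that is not part of the original thread or of Ethereal's code: decoding a NetFlow export datagram (what a dissector does) versus aggregating the flows it reports (what a collector or a tap would do). It assumes NetFlow version 5 with its fixed 24-byte header and 48-byte records, which the thread does not specify; the function names and sample flows are constructed for illustration.

```python
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes

def dissect_v5(datagram):
    """Dissection step: decode one export datagram into per-flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("truncated NetFlow header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows

def top_talkers(datagrams, n=3):
    """Analysis step: sum octets per source address across many datagrams."""
    totals = Counter()
    for d in datagrams:
        for flow in dissect_v5(d):
            totals[flow["src"]] += flow["octets"]
    return totals.most_common(n)

def build_v5(flows):
    """Constructed sample input: (src, dst, packets, octets, sport, dport, proto)."""
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0,
                       pk, oc, 0, 0, sp, dp, 0, 0, pr, 0, 0, 0, 0, 0, 0)
        for s, d, pk, oc, sp, dp, pr in flows)
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

SAMPLE = [  # constructed datagrams using documentation address ranges
    build_v5([("192.0.2.10", "198.51.100.5", 12, 9000, 40000, 80, 6),
              ("192.0.2.11", "198.51.100.5", 3, 180, 40001, 53, 17)]),
    build_v5([("192.0.2.10", "198.51.100.9", 40, 52000, 40002, 443, 6)]),
]

if __name__ == "__main__":
    for src, octets in top_talkers(SAMPLE):
        print(f"{src:15} {octets} octets")
```

The length check against the header's record count matters for anything listening on a collector port, since export datagrams arrive over UDP from whatever can reach it.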