Hi,

You can use "cflow" as a display filter in Ethereal, but you cannot use it as a capture filter. The syntax for capture filters is described in the documentation for tcpdump/windump corresponding to the libpcap/winpcap version you are using, e.g.

In order to capture cflow packets you could maybe try with a capture filter like "udp port 2055". That would capture all UDP packets to or from port 2055. You could even combine it with an IP address, "host 10.20.20.11 and udp port 2055", to capture all packets to or from UDP port 2055 on a specific machine.

You may need to get information about what server port number is used for CFLOW packets in your network. This is maybe something that is configurable in the equipment/software that is sending, respectively listening for, cflow packets.

If the default port 2055 is not used you may also need to change a preference setting for Ethereal in order to get the packets decoded as CFLOW:

Nadeem Lughmani wrote:

I have created a capture filter for cflow. When I click on capture start and apply this filter I get the following error message:

unable to parse capture filter (parse error) Interestingly enough, this looks like a valid display filter. Are you sure you did not mix them up

I don't have any display filter set. Does anyone know what's going on here? All I want is basically to capture cflow traffic and not others. Any help is greatly appreciated.

Thanks
Nadeem
+++++++++++++++++++++++++++++++++
I am running ethereal version 0.9.16 compiled with GTK+ 1.3.0 with wincap (version unknown) with libz 1.1.1
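
Added example, not part of the original thread or of Ethereal: a Python model of what the capture filters suggested in the reply, "udp port 2055" and "host 10.20.20.11 and udp port 2055", test on each frame. It shows that a capture filter looks only at header fields, so it cannot tell whether the payload is cflow. It covers IPv4 over Ethernet only, and the addresses 10.20.20.50 and 10.20.20.99 and all frames are constructed for illustration.

```python
import socket
import struct

# 10.20.20.11 and port 2055 come from the thread; the other addresses are constructed.
EXPORTER, COLLECTOR, OTHER = "10.20.20.11", "10.20.20.50", "10.20.20.99"

def build_frame(src, dst, sport, dport, proto=17, payload=b"\x00\x00"):
    """Constructed Ethernet/IPv4 frame with a UDP-shaped L4 header (checksums 0).
    The payload bytes are arbitrary: the filter below never reads them."""
    l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def matches(frame, port=2055, host=None):
    """Header-only test equivalent to the capture filter '[host H and] udp port P'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # IPv4 over Ethernet only
        return False
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:  # IP protocol 17 = UDP
        return False
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:       # later fragment: no UDP header
        return False
    l4 = 14 + ihl
    if len(frame) < l4 + 4:                                 # truncated before the ports
        return False
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    ips = {socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])}
    # "port P" matches source OR destination; "host H" matches either address.
    return port in (sport, dport) and (host is None or host in ips)

SAMPLES = {  # constructed frames, one per case discussed in the reply
    "export to collector":     build_frame(EXPORTER, COLLECTOR, 51000, 2055),
    "packet from port 2055":   build_frame(COLLECTOR, EXPORTER, 2055, 51000),
    "other exporter":          build_frame(OTHER, COLLECTOR, 51000, 2055),
    "non-default export port": build_frame(EXPORTER, COLLECTOR, 51000, 9996),
    "tcp on port 2055":        build_frame(EXPORTER, COLLECTOR, 51000, 2055, proto=6),
}

def run(host=None):
    """Names of the constructed samples the filter would capture."""
    return [name for name, frame in SAMPLES.items() if matches(frame, host=host)]

if __name__ == "__main__":
    print("udp port 2055:", run())
    print("host 10.20.20.11 and udp port 2055:", run(EXPORTER))
```

The "non-default export port" sample is the case the reply warns about: it is dropped by "udp port 2055" and is only captured when the filter names the port actually in use.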