Ethereal-users: RE: [Ethereal-users] Capturing ONLY netflow data.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>
Date: Tue, 16 Nov 2004 17:32:09 +0100
> I've configured Netflow on a Cisco router to export netflow data to UDP
> port 2055 on the system that I have ethereal running on.  My question
> is, how can I create a capture filter so that I see ONLY the netflow
> data and that it decodes those packets so I can see the flows.  I'm not
> quite sure how I form the capture filter itself.  Any hints would be
> appreciated!  Thanks!!
> 
Hi,

I hope you mean "how can I create a capture filter so that I see ONLY the netflow packets",
because you can only restrict to the packets, you cannot tell ethereal to automatically
strip lower level headers and get only netflow _data_ (there are ways to do that, but they
involve the command line tool tethereal and some external grepping).

You have information on the capture filters under Help, Contents, tab Capture Filters.
In short,

  udp port 2055

should capture only those packets. If you have several routers, you can use 

  udp port 2055 and ip host x.x.x.x

where x.x.x.x is the address of the router you are interested in.

As a frequent source of misunderstandings, please remember that capture and display filters
have different syntax.

Regards,
  Francisco
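
Added example, not part of the original message: a Python sketch of what the two capture filters above select, followed by the header-stripping step that the capture filter itself cannot do. It assumes untagged Ethernet II, IPv4 and NetFlow v5 exports; the 192.0.2.x addresses, frames and export payload are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

def build_frame(src_ip, dst_port, payload):
    """Constructed untagged Ethernet II / IPv4 / UDP frame (checksums left zero)."""
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("192.0.2.10"))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def match_payload(frame, port=2055, host=None):
    """UDP payload if frame matches 'udp port PORT [and ip host HOST]', else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                                  # not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[23] != 17 or frag != 0:                 # UDP, first fragment only
        return None
    if host and socket.inet_aton(host) not in (frame[26:30], frame[30:34]):
        return None                                  # 'ip host' = source or destination
    off = 14 + ihl
    if len(frame) < off + 8:
        return None
    sport, dport, ulen = struct.unpack("!HHH", frame[off:off + 6])
    if port not in (sport, dport):                   # 'udp port' = either direction
        return None
    return frame[off + 8:off + ulen]                 # lower-level headers stripped

def parse_v5_header(payload):
    """Decode the 24-byte NetFlow v5 export header; None if not v5."""
    if len(payload) < 24:
        return None
    names = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
             "flow_sequence", "engine_type", "engine_id", "sampling_interval")
    hdr = dict(zip(names, struct.unpack("!HHIIIIBBH", payload[:24])))
    return hdr if hdr["version"] == 5 else None

# Constructed sample: v5 header announcing one 48-byte flow record (zero-filled).
SAMPLE_EXPORT = struct.pack("!HHIIIIBBH", 5, 1, 123456, 1100622729, 0, 42, 0, 0, 0) + b"\x00" * 48
FRAMES = [
    build_frame("192.0.2.1", 2055, SAMPLE_EXPORT),   # router A, NetFlow
    build_frame("192.0.2.2", 2055, SAMPLE_EXPORT),   # router B, NetFlow
    build_frame("192.0.2.1", 514, b"<13>syslog"),    # router A, other UDP
]

if __name__ == "__main__":
    for f in FRAMES:
        p = match_payload(f, host="192.0.2.1")
        print(parse_v5_header(p) if p is not None else "filtered out")
```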