Ethereal-users: Re: [Ethereal-users] cflow v9 template records

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Motonori Shindo <mshindo@xxxxxxxxxxx>
Date: Thu, 23 Feb 2006 16:07:07 +0900 (JST)
Paul,

From: <paul.sellnow@xxxxxxx>
Subject: [Ethereal-users] cflow v9 template records
Date: Wed, 22 Feb 2006 16:44:23 -0600

> I see that in version 0.10.13 there is now support for the Netflow/CFLOW
> version 9 template records. However, for the decodes of the actual flow
> records it appears that all flows are decoded using Cisco's #256
> template record. I have some traces which also include some #257
> template records, which are 4 bytes longer than the #256 template, but
> the cflow decode seems to only use the #256 template format regardless
> of the template id in the flowset header. If a #256 record follows a
> #257 record then all the fields are offset by an extra four bytes.
>  
> Is there a way for me to create my own #257 template format in an ASCII
> file off to the side, and have ethereal look for it when the data
> contains that value in the flowset header? Or is that compiled into the
> binary and out of reach?

I don't think such a default template is built in (although there was
a discussion as to whether we should have such a default template or
not in the past). If you don't mind, will you send me the trace file
you have? I will take a look at it.

---
Motonori Shindo

Fivefront Corporation
Chief Technology Officer
http://www.fivefront.com