Wireshark-bugs: [Wireshark-bugs] [Bug 3543] enhanced sFlow dissector

Date: Thu, 9 Jul 2009 06:13:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3543





--- Comment #29 from Yi Yu <yiyu.inbox@xxxxxxxxx>  2009-07-09 06:13:33 PDT ---
Hi Gerald and the Wireshark team,

I am back to finalise the sFlow dissector!

In addition, I have added another sFlow related feature to Wireshark for InMon
Corp., the inventor of sFlow. After their testing, they prefer to submit this
modification to you too, so it may be included in future Wireshark releases.

What the new feature dose, is to extract packet headers that are encapsulated
in sFlow datagrams (v2/4/5), and feed them to Wireshark for display *as if they
come straight off the wire*. InMon named this feature the "sFlow virtual NIC",
because by enabling this feature, what Wireshark is monitoring is actually the
traffic heard by the sFlow agent network interface in some other remote
networks.

What I have done is to add extra options to the capture dialogue, to wireshark
that main executable, and dumpcap. The decapsulation takes place in dumpcap
itself. I will attach a screenshot of my current capture dialogue modifications
and the decapsulation output. InMon has raised a concern that I quoted below:

"Also we are bit concerned that this implementation would not be accepted by
the Wireshark team because the Capture>Options dialog is intended to be used
for generic options and having the sFlow virtual NIC option seems very
specific."

What do you think? I chose to do it this way because it involves minimum
modifications to Wireshark. An alternative way I can think of is to leave the
main capture options dialogue unchanged, and add an "sFlow VNIC" option to the
Capture menu, which will activate a different capture options dialogue with
everything plus sFlow VNIC options (as the one you see in the screenshot).

Both the enhanced sFlow dissector and VNIC are part of my MSc dissertation. So
I will produced a detailed documentation on them by 21/08. If you are
interested in including my enhancements in future Wireshark releases, I am more
than happy to submit the code and the report to you for review.

Much appreciated if you could reply ASAP! I have very limited time for my
dissertation.

Regards,

Yi (@ University of St Andrews)


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.