Wireshark-bugs: [Wireshark-bugs] [Bug 10432] New: Not decoding netflow v9 flowset that uses opti

Date: Thu, 28 Aug 2014 20:56:01 +0000
Bug ID 10432
Summary Not decoding netflow v9 flowset that uses options template
Product Wireshark
Version 1.12.0
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 13022
Netflow v9 packets

Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 31 2014),
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 8078MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In my captures I have received all the data templates and option templates. In
the flowsets which contain the actual flow data, the flowset specifying the
data template is decoded perfectly fine; however, the flowset specifying the
option template is shown as "no template found".


As per the suggestion from Bill Meier in this post in the forum, I am filing
this bug report:

https://ask.wireshark.org/questions/35812/decoding-netflow-v9-flowset-that-uses-options-template

As per him,

"
There's explicit code in the netflow dissector to ignore an options template if
the "options scope length" is zero in the template.

However, a quick read of the Cisco V9 protocol descriptions indicates to me
that an options template having an option scope length of zero is OK.
"

The capture file is attached. The 3rd packet contains the templates. The rest
contain the flow data that cannot be decoded.

Thanks,
Difan
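
Added example, not part of the original report and not Wireshark's dissector code: a small Python parser for a NetFlow v9 options template flowset that stores a template whose option scope length is zero (following the reading quoted above) and then uses it to decode the matching data flowset. The function names and the two byte strings are constructed for illustration.

```python
import struct

def parse_options_templates(flowset: bytes) -> dict:
    """Parse a v9 options template flowset (ID 1) into {template_id: fields}."""
    flowset_id, length = struct.unpack_from("!HH", flowset, 0)
    if flowset_id != 1 or not 4 <= length <= len(flowset):
        raise ValueError("not a well-formed options template flowset")
    templates, off = {}, 4
    while length - off >= 6:  # fewer than 6 bytes left is padding
        tid, scope_len, opt_len = struct.unpack_from("!HHH", flowset, off)
        off += 6
        if scope_len % 4 or opt_len % 4 or off + scope_len + opt_len > length:
            raise ValueError("field definitions overrun the flowset")
        # Each definition is (field type, field length), 2 bytes each.
        fields = [struct.unpack_from("!HH", flowset, off + i)
                  for i in range(0, scope_len + opt_len, 4)]
        n_scope = scope_len // 4  # 0 is accepted: the template has no scope fields
        templates[tid] = {"scope": fields[:n_scope], "options": fields[n_scope:]}
        off += scope_len + opt_len
    return templates

def decode_records(flowset: bytes, templates: dict) -> list:
    """Decode a data flowset whose flowset ID names a stored options template."""
    tid, length = struct.unpack_from("!HH", flowset, 0)
    if tid not in templates:
        raise KeyError(f"no template found for flowset ID {tid}")
    if not 4 <= length <= len(flowset):
        raise ValueError("flowset length field is inconsistent")
    layout = templates[tid]["scope"] + templates[tid]["options"]
    rec_len = sum(flen for _, flen in layout)
    records, off = [], 4
    while rec_len and length - off >= rec_len:  # trailing bytes are padding
        rec = {}
        for ftype, flen in layout:
            rec[ftype] = flowset[off:off + flen]
            off += flen
        records.append(rec)
    return records

# Constructed sample: template 257, scope length 0, two option fields
# (type 34 length 4, type 35 length 1), padded to a 4-byte boundary.
TEMPLATE_FLOWSET = struct.pack("!9H", 1, 20, 257, 0, 8, 34, 4, 35, 1) + b"\x00\x00"
# Constructed sample: one 5-byte record for template 257, plus 3 padding bytes.
DATA_FLOWSET = struct.pack("!HHIB", 257, 12, 100, 1) + b"\x00" * 3

if __name__ == "__main__":
    cache = parse_options_templates(TEMPLATE_FLOWSET)
    print(cache)
    print(decode_records(DATA_FLOWSET, cache))
```

A parser that skips the template when the scope length is zero leaves the cache empty, and `decode_records` then fails with the same "no template found" condition described in the report.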

