Ask Your Question
0

Can Wireshark convert sflow packets to "normal" traffic

asked 2020-08-19 09:14:14 +0000

Lars Arnth gravatar image

Hi,

I have setup Sflow to send traffik to a server. I started Wireshark, hoping that i could start analyzing the packets, only to find out, that Wireshark doesnt extract the data from the Sflow. It only shows the actual sflow packet. How can i extract/convert the data to look like normal data?

edit retag flag offensive close merge delete

Comments

What would "normal data" be? Are you looking for collector stats or something else?
(Note to future readers: the presentation @grahamb linked to shows wireshark-ntop , which includes a Lua plugin for Wireshark to display collector stats.)

Chuckc gravatar imageChuckc ( 2020-08-19 14:13:14 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2020-08-19 09:43:32 +0000

grahamb gravatar image

I think you have a misunderstanding of sFlow, it's a sampling of traffic and does not contain the entire traffic flow.

See the SharkFest US 18 presentation from Simone Mainardi on sFlow: Theory and Practice of a Sampling Technology for more info, particularly the slides on when sFlow is not useful.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-08-19 09:14:14 +0000

Seen: 404 times

Last updated: Aug 19 '20