Ask Your Question
0

CFLOW decode IPFIX sequence number

asked 2018-06-22 22:30:18 +0000

Morgan gravatar image

Hi, I am using Wireshark with the CFLOW decode on Juniper router IPFIX packets.

I have the feeling the sequence number is not properly handled when packet with template are received. As from IPFIX documentation, template and option-template are not incrementing sequence number.

When I am viewing one of the capture, I see Wireshark showing sequence error at each template, option-template and folowing data packet because it expect the template and option-template to also increment sequence number.

As a result it is hard to find the real sequence problems from these false positive.

I am using Wireshark 2.4.2 on Ubuntu 18.04

Can anyone confirm this ? Thanks.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2018-06-23 16:21:10 +0000

grahamb gravatar image

Probably best to raise an entry on the Wireshark Bugzilla for this, attaching your capture.

edit flag offensive delete link more

Comments

Thank you. I will do that.

Morgan gravatar imageMorgan ( 2018-06-27 20:36:42 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-06-22 22:30:18 +0000

Seen: 1,386 times

Last updated: Jun 27 '18