cflow.flows field not implemented?

asked 2018-09-10 01:44:31 +0000

HikerGuy gravatar image

updated 2018-09-10 04:13:57 +0000

Guy Harris gravatar image

I'm trying to gauge the number of Netflow packets received and am using tshark to decode a pcap file. When I use cflows.flow as a filter, I get no data. However, filters like cflow.packets does return a value do the protocol is being decoded properly.

Any ideas on why this is not working?

C:\Program Files\Wireshark>tshark -r f:\file.pcap -T fields -e frame.number -e frame.time_relative -e cflow.flows -d udp.port==9991,cflow -E header=y -E separator=;

frame.number;frame.time_relative;cflow.flows
1;0.000000000;
2;0.003609000;
3;0.004490000;
4;0.005344000;
5;0.008268000;
6;0.016231000;

As you can see, I get the frame number and the relative time but no cflows.flows which is supposed to give me the number of PDUs of flow data in each frame.

edit retag flag offensive close merge delete

Comments

What happens if you open the capture file in Wireshark and use cflow.flows as a display filter?

Guy Harris gravatar imageGuy Harris ( 2018-09-10 04:13:23 +0000 )edit
add a comment