Ask Your Question

Revision history [back]

Protocol CFLOW not processing full size Packet

Hi team, I did a packet capture to analyze the Netflow (v9) data. I noticed that for smaller packet (< 1420 including IP header), it inteprets all fields properly. If it is full size, it doesn't inteprets the FlowSet 2 that contains the actual flow data anymore... It still shows the version, count, FlowSequence, and the FlowSet 1 which is the Template, just not the data part. I just updated the wireshark to the latest 4.4.3 too and still the same. Please help. Thanks! Difan

Protocol CFLOW not processing full size Packet

Hi team, I did a packet capture to analyze the Netflow (v9) data. I noticed that for smaller packet (< 1420 including IP header), it inteprets all fields properly. If it is full size, it doesn't inteprets the FlowSet 2 that contains the actual flow data anymore... It still shows the version, count, FlowSequence, and the FlowSet 1 which is the Template, just not the data part. I just updated the wireshark to the latest 4.4.3 too and still the same. Please help. help.

PS - I want to attach the packets but it requires "60 points" for that... I am new to the forum. Please let me how to attach if there is a different way to do that. Thanks!

Thanks! Difan