 | 1 | initial version |
Hi team, I did a packet capture to analyze the Netflow (v9) data. I noticed that for smaller packet (< 1420 including IP header), it inteprets all fields properly. If it is full size, it doesn't inteprets the FlowSet 2 that contains the actual flow data anymore... It still shows the version, count, FlowSequence, and the FlowSet 1 which is the Template, just not the data part. I just updated the wireshark to the latest 4.4.3 too and still the same. Please help. Thanks! Difan
Hi team,
I did a packet capture to analyze the Netflow (v9) data. I noticed that for smaller packet (< 1420 including IP header), it inteprets all fields properly. If it is full size, it doesn't inteprets the FlowSet 2 that contains the actual flow data anymore... It still shows the version, count, FlowSequence, and the FlowSet 1 which is the Template, just not the data part. I just updated the wireshark to the latest 4.4.3 too and still the same. Please help. help.
PS - I want to attach the packets but it requires "60 points" for that... I am new to the forum. Please let me how to attach if there is a different way to do that. Thanks!
Thanks! Difan
