I'm trying to gauge the number of Netflow packets received and am using tshark to decode a pcap file. When I use cflows.flow as a filter, I get no data. However, filters like cflow.packets do return a value, so the protocol is being decoded properly.
Any ideas on why this is not working?
C:\Program Files\Wireshark>tshark -r f:\file.pcap -T fields -e frame.number -e frame.time_relative -e cflow.flows -d udp.port==9991,cflow -E header=y -E separator=;
frame.number;frame.time_relative;cflow.flows
1;0.000000000;
2;0.003609000;
3;0.004490000;
4;0.005344000;
5;0.008268000;
6;0.016231000;
As you can see, I get the frame number and the relative time but no cflows.flows, which is supposed to give me the number of PDUs of flow data in each frame.