
How to add some field to decode netflow

Hi all.

We have collected a dump of NetFlow traffic, and I want to see the names of the PEN 9 (Cisco private) fields. I have the field names from Cisco, like this:

  _____________________________________________________________________________
  |                 Field                   |    ID | Ent.ID | Offset |  Size |
  -----------------------------------------------------------------------------
  | connection client ipv4 address          | 12236 |      9 |      0 |     4 |
  | connection server ipv4 address          | 12237 |      9 |      4 |     4 |
  | connection client transport port        | 12240 |      9 |      8 |     2 |
  | connection server transport port        | 12241 |      9 |     10 |     2 |
  | routing vrf input                       |   234 |        |     12 |     4 |
  | interface input snmp                    |    10 |        |     16 |     4 |
  | connection initiator                    |   239 |        |     20 |     1 |
  | connection id                           | 12242 |      9 |     21 |     4 |
  | application id                          |    95 |        |     25 |     4 |
  | interface output snmp                   |    14 |        |     29 |     4 |
  | flow sampler                            |    48 |        |     33 |     1 |
  | services waas segment                   |  9252 |      9 |     34 |     1 |
  | services waas passthrough-reason        |  9253 |      9 |     35 |     1 |
  | application http uri statistics         |  9357 |      9 |     36 |   var |
  | application http host                   | 12235 |      9 |     38 |   var |
  | timestamp sys-uptime first              |    22 |        |     40 |     4 |
  | timestamp sys-uptime last               |    21 |        |     44 |     4 |
  | connection new-connections              |   278 |        |     48 |     4 |
  | connection server counter bytes long    |   232 |        |     52 |     8 |
  | connection server counter packets long  |   299 |        |     60 |     8 |
  | connection client counter bytes long    |   231 |        |     68 |     8 |
  | connection client counter packets long  |   298 |        |     76 |     8 |
  | connection delay response to-server sum |  9303 |      9 |     84 |     4 |
  | connection server counter responses     |  9292 |      9 |     88 |     4 |
  | connection delay response to-server his |  9300 |      9 |     92 |     4 |
  | connection delay network to-server sum  |  9319 |      9 |     96 |     4 |
  | connection delay network to-client sum  |  9316 |      9 |    100 |     4 |
  | connection client counter packets retra |  9268 |      9 |    104 |     4 |
  | connection delay network client-to-serv |  9313 |      9 |    108 |     4 |
  | connection delay application sum        |  9306 |      9 |    112 |     4 |
  | connection delay application max        |  9307 |      9 |    116 |     4 |
  | connection delay response client-to-ser |  9309 |      9 |    120 |     4 |
  | connection transaction duration sum     |  9273 |      9 |    124 |     4 |
  | connection transaction counter complete |  9272 |      9 |    128 |     4 |
  -----------------------------------------------------------------------------

and so on.

How can I do it?