Curtis Doty wrote:
>I'd like to use the new NetFlow dissector. But neither Bills' default of
>2055 or Matt's original try of 5000 really are. As the protocol has no
>"default" port.
>
>In my case, I've multiple flows to analyze, each on it's own arbitrary
>udp port, so recompiling ethereal for each case will get rather unruly.
>
>Has dynamic dissector association been considered? Or will the
>performance hit be too dramatic?
Hi Curtis,
I just wonder if you have noticed the "Tools/Decode As ..." menu item.
Mark one UDP packet that you want to dissect with the "Cisco Netflow" dissector
and select the "CFLOW" entry from the list. You can then select if all
packets to and from the source port, destination port or both should be dissected as CFLOW.
Unfortunately you have to do this every time you start Ethereal, but it seems to better
than recompiling Ethereal.
It is possible to check what user specified decodes you have defined by using the
Display/User Specified Decodes... menu item.
Another idea:
Instead of recompiling it may be better to make the port number configurable from Preferences.
There are some Protocols where the port number is configurable already
Edit/Preferences.../Protocols/MGCP (LDP, iSCSI,GTPv0, Diamater ...).
Regards,
Martin