Ethereal-users: Re: [Ethereal-users] cflow v9 template records

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Motonori Shindo <mshindo@xxxxxxxxxxx>
Date: Wed, 15 Mar 2006 08:01:06 +0900 (JST)
Paul,

From: <paul.sellnow@xxxxxxx>
Subject: RE: [Ethereal-users] cflow v9 template records
Date: Tue, 14 Mar 2006 12:30:39 -0600

> Monotori,
> 
> I am assuming that your attached diff file would involve recompiling the
> program. Unfortunately I am not a developer, and do not have the tools
> and skills for this. I just use the Windows binaries. Hopefully this
> patch will be incorporated in a new release in the near future.

Yes, you need to apply this patch to the source code and then
recompile it. I used to have an environment to build Windows binaries,
but I don't have it handy now.

I hope this patch will get merged into the code base soon, but I am
not the one who decides it :-)

> As far as the Flowset count, I was assuming that the two template
> definitions would be 1/4 and 2/4, and the two data flowsets would be
> 3/4 and 4/4. No?

Count Field in NetFlow V9 header represents the number of FlowSet
included in the PDU. In your capture file, there are one Template
FlowSet with two Template Records inside, and two Data Flowets with
one Flow Data Record each. While there are 4 "records" included in the
PDU but only 3 FlowSets are available.

Regards,

---
Motonori Shindo
Chief Technology Officer
Fivefront Corporation
http://www.fivefront.com