Wireshark-bugs: [Wireshark-bugs] [Bug 9723] IPFIX dissector uses UDP length instead of the lengt
Date: Fri, 07 Mar 2014 05:30:01 +0000

changed bug 9723

What Removed Added
CC   hadrielk@yahoo.com

Comment # 1 on bug 9723 from
I see what you're saying - "partial flow" is misleading for this case.  But
what should Wireshark display?  I mean it's not like the message is properly
formatted either.  In the attached capture file the padding octets are beyond
the boundary of the IPFIX messages in each UDP payload, as opposed to being
contained within the IPFIX message as per RFC 5101. (i.e., they're not "IPFIX
padding octets", they're just extraneous octets at the end of the UDP data)

Is that normal/expected?  I don't deal with IPFIX that often, but I've never
seen such extra bytes be put onto the end of UDP payloads for IPFIX messages.
(I have seen them for Netflow v9 though)  My employer's products don't add such
extra bytes, for example.


You are receiving this mail because:
  • You are watching all bug changes.