Wireshark · Wireshark-users: Re: [Wireshark-users] cflow v9 dissector oddity

Wireshark-users: Re: [Wireshark-users] cflow v9 dissector oddity

From: Motonori Shindo <mshindo@xxxxxxxxxxx>

Date: Thu, 21 Dec 2006 12:28:55 +0900 (JST)

Yann,

I'm glad to hear that my patched worked well for you. I hope this
patch gets merged into the SVN repository soon. 

Regards,

---
Motonori Shindo
Fivefront Corporation
http://www.fivefront.com

From: Yann Berthier <yb@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] cflow v9 dissector oddity
Date: Tue, 19 Dec 2006 23:19:17 -0500

>    Hi,
> 
> On Wed, 20 Dec 2006, at 01:23, Motonori Shindo wrote:
> 
> > I have addressed this issue. Please find attached the patch against
> > the current svn repository. 
> 
>    Thanks ! I applied your patch (on the 0.99.4 rel btw), and it decodes
>    the capture i have at hand in a perfectly orthodoxal fashion
> 
> > As per NetFlow V9 protocol, Template ID is guaranteed to be unique per
> > Observation Domain (identified by Source ID) and the Exporter
> > (identified by the source IP address of NetFlow PDU).
> 
>    the funny thing is that i stumbled upon this behavior while trying to
>    track some odd traffic reported by a commercial netflow
>    analysis-and-all product. And it appeared that said oddity was
>    exhibited also by my network-troubleshooter of choice. Hysterical
>    laugh followed ;)
> 
>    Thanks again,
> 
>       - yann

References:
- Re: [Wireshark-users] cflow v9 dissector oddity
  - From: Yann Berthier
- Re: [Wireshark-users] cflow v9 dissector oddity
  - From: Motonori Shindo
- Re: [Wireshark-users] cflow v9 dissector oddity
  - From: Yann Berthier

Prev by Date: Re: [Wireshark-users] why HTTP PDU is not reassambled
Next by Date: Re: [Wireshark-users] cflow v9 dissector oddity
Previous by thread: Re: [Wireshark-users] cflow v9 dissector oddity
Next by thread: Re: [Wireshark-users] cflow v9 dissector oddity
Index(es):
- Date
- Thread