Marlon,
Yes, it's quite possible, but there are a couple of things you'd better
keep in mind:
1) To decode NetFlow V9 packets successfully, Template FlowSet must
be included in the captured packets, so you'd have to capture
traffic long enough. I can't tell you how long because the timing
of Template FlowSet exporting is exporter implementation and/or
configuration dependent.
2) There is no standard port number defined for NetFlow. Currently,
Wireshark assumes 2055/udp and 9996/udp are for NetFlow. If you
are using a port number other than these two, you have to use
"decode as" functionality in Wireshark.
Regards,
---
Motonori Shindo
Chief Technology Officer
Fivefront Corporation
http://www.fivefront.com
From: Marlon Duksa <mduksa@xxxxxxxxx>
Subject: [Wireshark-users] decoding netflow
Date: Thu, 14 May 2009 16:20:38 -0700
> Hi - we are running Netflow 9 on Cisco and would like to run a decode on the
> packets. Is this possible with Wireshark? Thanks,
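
An added example, not part of the original message: a small Python walker over NetFlow v9 UDP payloads (RFC 3954 layout) that reports which Data FlowSets in a capture arrive before their Template FlowSet and so cannot be decoded, which is point 1 above. The packet bytes and the helper names (`parse_v9`, `_flowset`, `_packet`, `demo`) are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET_HDR = struct.Struct("!HH")    # flowset_id, length (length includes this header)

def parse_v9(payload, templates):
    """Walk one NetFlow v9 export packet (UDP payload, RFC 3954 layout).
    `templates` maps (source_id, template_id) -> field count and is updated
    in place. Returns [(flowset_id, decodable)] for each Data FlowSet seen."""
    version, _count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(payload, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    results, off = [], V9_HEADER.size
    while off + FLOWSET_HDR.size <= len(payload):
        fs_id, fs_len = FLOWSET_HDR.unpack_from(payload, off)
        end = off + fs_len
        if fs_len < FLOWSET_HDR.size or end > len(payload):
            break  # truncated or malformed FlowSet: stop instead of looping
        if fs_id == 0:  # Template FlowSet: one or more template records
            pos = off + FLOWSET_HDR.size
            while pos + 4 <= end:
                tmpl_id, nfields = struct.unpack_from("!HH", payload, pos)
                if tmpl_id < 256 or pos + 4 + 4 * nfields > end:
                    break  # padding or a record running past the FlowSet
                templates[(source_id, tmpl_id)] = nfields
                pos += 4 + 4 * nfields  # skip the (type, length) pairs
        elif fs_id >= 256:  # Data FlowSet: its ID is the template ID it needs
            results.append((fs_id, (source_id, fs_id) in templates))
        off = end
    return results

def _flowset(fs_id, body):
    return FLOWSET_HDR.pack(fs_id, FLOWSET_HDR.size + len(body)) + body

def _packet(source_id, flowset):
    return V9_HEADER.pack(9, 1, 0, 0, 0, source_id) + flowset

# Constructed sample: template 256 = IPV4_SRC_ADDR (8) and IPV4_DST_ADDR (12), 4 bytes each
TEMPLATE = _flowset(0, struct.pack("!6H", 256, 2, 8, 4, 12, 4))
DATA = _flowset(256, bytes([10, 0, 0, 1, 10, 0, 0, 2]))

def demo():
    """Capture that starts before the exporter has sent its template."""
    templates = {}
    capture = [_packet(1, DATA), _packet(1, TEMPLATE), _packet(1, DATA), _packet(2, DATA)]
    return [parse_v9(p, templates) for p in capture]

if __name__ == "__main__":
    print(demo())
```

Templates are tracked per source ID here, so the last packet (source ID 2) stays undecodable even though source ID 1 has already sent template 256.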