Hi,

My company is considering buying "nProbe 5.x [Win32]" because of its ability to generate IPFIX traffic. We downloaded the demo version and took a packet capture of the traffic. The flow headers indicated version 10, as expected, but the Length field in the flow header is reporting the number of FlowSets (like was done in NetFlow Version 9).

The RFC (http://www.ietf.org/internet-drafts/draft-ietf-ipfix-file-03.txt) indicates:

1. Search for the first occurrence of the octet string 0x00, 0x0A (the IPFIX Message Header Version field)
2. Treat this field as the beginning of a candidate IPFIX Message. Read the two bytes following the Version field as a Message Length, and seek to that offset from the beginning of the candidate IPFIX Message.

Also, Wireshark is unable to decode the IPFIX packets until I manually modify a packet so that it is the message length.

So, I guess my question is, is this a bug or intended behavior?

Thanks,
David
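A collector-side check for the mismatch described in the message above, as an added example that is not part of the original post and is not nProbe or Wireshark code. It assumes one IPFIX message per UDP datagram and the standard 16-octet IPFIX Message Header; the function names, result labels and sample bytes are constructed for illustration.

```python
import struct

# IPFIX Message Header (16 octets): Version, Length, Export Time,
# Sequence Number, Observation Domain ID. Length counts octets, header included.
IPFIX_HEADER = struct.Struct("!HHIII")
SET_HEADER = struct.Struct("!HH")  # Set ID, Set Length (octets, header included)


def walk_sets(payload: bytes):
    """Return how many Sets exactly tile payload, or None if they do not."""
    offset = count = 0
    while offset < len(payload):
        if len(payload) - offset < SET_HEADER.size:
            return None
        _set_id, set_len = SET_HEADER.unpack_from(payload, offset)
        if set_len < SET_HEADER.size or offset + set_len > len(payload):
            return None
        offset += set_len
        count += 1
    return count


def classify_length_field(datagram: bytes) -> str:
    """Classify the header Length field of one IPFIX message per datagram."""
    if len(datagram) < IPFIX_HEADER.size:
        return "truncated"
    version, length, _time, _seq, _domain = IPFIX_HEADER.unpack_from(datagram)
    if version != 10:
        return "not-ipfix"
    sets = walk_sets(datagram[IPFIX_HEADER.size:])
    if length == len(datagram):
        return "ok" if sets is not None else "bad-set-lengths"
    if sets is not None and length == sets:
        return "length-holds-set-count"  # the behaviour described in the post
    return "length-mismatch"


# Constructed sample: one Template Set (ID 2) and one Data Set (ID 256).
TEMPLATE_SET = struct.pack("!HHHHHHHH", 2, 16, 256, 2, 8, 4, 12, 4)
DATA_SET = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
BODY = TEMPLATE_SET + DATA_SET


def build_message(length_value: int) -> bytes:
    """Build a constructed message whose header Length field is length_value."""
    return IPFIX_HEADER.pack(10, length_value, 1200000000, 0, 1) + BODY


if __name__ == "__main__":
    for value in (len(BODY) + 16, 2):
        print(value, classify_length_field(build_message(value)))
```

A parser that trusts the Length field to find the next message, as in the two steps quoted from the draft, would seek into the middle of the header when the field holds a count, so a collector should reject or flag such datagrams rather than attempt to decode them.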
