David,
I need to look at the issue:
- What command line arguments did you pass to nprobe in your test?
- What Wireshark version are you using?

Luca

On Apr 17, 2009, at 1:10 AM, Maltby, David wrote:

> Hi,
> My company is considering buying “nProbe 5.x [Win32]” because of its
> ability to generate IPFIX traffic. We downloaded the demo version
> and took a packet capture of the traffic. The flow headers
> indicated version 10, as expected, but the Length field in the flow
> header is reporting the number of FlowSets (like was done in NetFlow
> Version 9).
>
> The RFC (http://www.ietf.org/internet-drafts/draft-ietf-ipfix-file-03.txt)
> indicates:
>
> 1. Search for the first occurrence of the octet string 0x00,
>    0x0A (the IPFIX Message Header Version field)
>
> 2. Treat this field as the beginning of a candidate IPFIX
>    Message. Read the two bytes following the Version field as a
>    Message Length, and seek to that offset from the beginning of the
>    candidate IPFIX Message.
>
> Also, Wireshark is unable to decode the IPFIX packets, until I
> manually modify a packet so that it is the message length. So, I
> guess my question is, is this a bug or intended behavior?
>
> Thanks,
>
> David
>
> _______________________________________________
> Ntop-dev mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-dev
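
Added example (not part of the thread, and not nProbe or Wireshark code): a collector-side check that flags an IPFIX message whose Length field holds a Set count instead of the total message length in octets, the symptom reported above. It assumes one IPFIX message per UDP payload; the function names and the sample messages are constructed for illustration.

```python
import struct

IPFIX_VERSION = 10
HEADER = struct.Struct("!HHIII")   # Version, Length, Export Time, Sequence, Observation Domain ID
SET_HEADER = struct.Struct("!HH")  # Set ID, Set Length (includes these 4 octets)

def walk_sets(payload):
    """Count the Sets after the 16-octet header, treating the payload as one message."""
    offset, count = HEADER.size, 0
    while offset + SET_HEADER.size <= len(payload):
        _set_id, set_len = SET_HEADER.unpack_from(payload, offset)
        if set_len < SET_HEADER.size or offset + set_len > len(payload):
            return None  # malformed Set: stop rather than loop or read past the end
        offset += set_len
        count += 1
    return count if offset == len(payload) else None

def check_ipfix_length(payload):
    """Classify the Length field of one UDP payload carrying a single IPFIX message."""
    if len(payload) < HEADER.size:
        return "truncated"
    version, length, _time, _seq, _domain = HEADER.unpack_from(payload)
    if version != IPFIX_VERSION:
        return "not-ipfix"
    if length == len(payload):
        return "ok"
    sets = walk_sets(payload)
    if sets is not None and length == sets:
        return "length-holds-set-count"
    return "length-mismatch"

def build_message(length_field, sets):
    """Constructed sample: header plus the given (set_id, body) Sets."""
    body = b"".join(SET_HEADER.pack(sid, 4 + len(data)) + data for sid, data in sets)
    return HEADER.pack(IPFIX_VERSION, length_field, 1239927000, 0, 1) + body

# Constructed sample data: one Template Set (ID 2) and one Data Set (ID 256).
# Set bodies are zero-filled; only the Set headers are walked here.
SETS = [(2, bytes(12)), (256, bytes(8))]
GOOD = build_message(16 + 16 + 12, SETS)  # Length = total octets (44)
BAD = build_message(len(SETS), SETS)      # Length = 2, a Set count

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("bad", BAD)):
        print(name, check_ipfix_length(msg))
```

A decoder that seeks by the Length field would stop inside the header of the second sample, which is consistent with a dissector failing until the field is corrected.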
