The only thing that seems weird is that they define the output interface in their template but set it always to 0 (while the input interface is set)...
An IPFIX packet: [inline image]

And the template: [inline images]

________________________________
From: [email protected] On behalf of Jean-baptiste Fuzier
Sent: Wednesday, 15 June 2011 16:10
To: [email protected]
Subject: Re: [Ntop] RE Ntop and Avaya/Nortel IPFIX implementation

Thank you very much,

Wireshark is now decoding the traffic as IPFIX and once it gets the template, the information is human readable!

But that does not explain why some tools are getting the right flow sizes while others do not... Maybe it has something to do with the template Nortel is using...

________________________________
From: [email protected] On behalf of Sebastien Bouvet
Sent: Wednesday, 15 June 2011 15:45
To: [email protected]
Subject: [Ntop] RE Ntop and Avaya/Nortel IPFIX implementation

Hello,

When using Wireshark, have you tried right-clicking on flows supposed to be IPFIX and selecting the option "Decode As"? You'll have a list of protocols that Wireshark is able to decode. Select the CFLOW decoder and see if it still cannot detect IPFIX flows. Try to update Wireshark to the new version if it is not working.

About your Nortel troubles, I can't help as I'm not using them.

Have a good day

--
SB

________________________________
From: Jean-baptiste Fuzier <[email protected]>
Sent by: [email protected]
Date: 15/06/2011 15:02
Please reply to: [email protected]
To: "[email protected]" <[email protected]>
cc:
Subject: [Ntop] Ntop and Avaya/Nortel IPFIX implementation

Hello,

I am currently working on a project involving LAN traffic monitoring using our Nortel switches (ERS5000 and 4500).

I noticed that when using Ntop as the Netflow collector, the amount (in size) of traffic seen by Ntop is nothing near reality... (I am also testing a commercial product which seems to work fine, while yet another commercial product gives me the same information as Ntop.)

Is something wrong with Nortel's IPFIX implementation? Wireshark is not able to understand the IPFIX messages, but I do not know if there is an IPFIX dissector embedded in Wireshark and if it is able to see the IPFIX template in the capture and use it...

Thanks in advance for your help,

Regards

--
Jean Baptiste Fuzier

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
