Thanks Hadriel,
I will pass the release number into the functions that deal with
sequence numbers. Will probably hide sequence number analysis behind
a preference setting, defaulted to on for now. r10 does sound as
though it is back to something identical or similar to flows again.
Martin
On
Since Netflow v9 is a Cisco-defined protocol, their own docs should arguably
trump the IETF RFC for their protocol. (personally I would read that RFC to
mean the number of packets/frames, not number of flows)
According to this:
(I think my previous attempt to send this failed, so resending)
A few months ago I updated the Netflow dissector to do sequence
analysis using the Sequence Number field within an Obvservation
Domain, based upon RFC 3954 and a capture file I was looking at.
RFC 3954 describes the field as