Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-bugs: [Wireshark-bugs] [Bug 2764] New: Netflow Dissector - cannot decode IPFIX packets

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 2 Aug 2008 05:50:11 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2764

           Summary: Netflow Dissector - cannot decode IPFIX packets
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: irino@xxxxxxxxxxxxxx


Build Information:
$ ./wireshark -v
wireshark 1.0.99 (SVN Rev 25902)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.4, with libpcap 0.9.8, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
ADNS,
without Lua, without GnuTLS, without Gcrypt, without Kerberos, without
PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.24-19-generic, with libpcap version 0.9.8.

Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).

--
This patch is tested against IPFIX packets exported from YAF
(http://tools.netsa.cert.org/yaf/)

This patch
(1) fixes to decode IPFIX packets.
The revision 25601 warns and be not able to decodes IPFIX packets fully,
because the array "hf_register_info" does not have an entry
"hf_cflow_datarecord_length", and a length check for IPFIX packets is incorrect
in "dissect_netflow" function.
(2) is able to decode all Information Elements standardized by RFC 5102
(3) is able to decode IPFIX templates and data that contains PEN (Private
Enterprise Number) fields standardized by RFC 5101, and is able to decode
bi-directional flow standardized by RFC 5103.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
  • Follow-Ups:
    • [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
      • From: bugzilla-daemon
  • Prev by Date: [Wireshark-bugs] [Bug 2731] tshark/wireshark don't allow snaplen < 68
  • Next by Date: [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
  • Previous by thread: [Wireshark-bugs] [Bug 2731] tshark/wireshark don't allow snaplen < 68
  • Next by thread: [Wireshark-bugs] [Bug 2764] Netflow Dissector - cannot decode IPFIX packets
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation