Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] cflow v9 dissector oddity

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Yann Berthier <yb@xxxxxxxxxxxxxx>
Date: Sun, 3 Dec 2006 19:49:02 -0500

   Hello,


   Thanks for your feedback,

On Thu, 30 Nov 2006, at 17:57, Stephen Fisher wrote:

> On Sun, Nov 26, 2006 at 11:10:05PM -0500, Yann Berthier wrote:
> 
> >    On a capture of netflow v9 traffic from 2 routers, where r1 exports
> >    data flowsets using template id 257 and template flowsets of said id
> >    of 21 fields, and r2 exports a template flowset for id == 257 of 23
> >    fields, wireshark (0.99.4) mixes-up the templates when decoding the
> >    flowsets from r1 - it uses the last template cached, be it from r1
> >    or r2, to decode the data flowsets from r1
> 
> This sounds like a problem with the dissector.  Could you file a bug at 
> http://bugzilla.wireshark.org/ and attach a capture file that you see 
> the problem with?

   
   Sure for the former, the latter may be harder, i would have preferred
   to provide it privately. If not, i'd need to check what's in the
   capture obviously

   thanks,

      - yann

Follow-Ups:
- Re: [Wireshark-users] cflow v9 dissector oddity
  - From: Motonori Shindo

References:
- Re: [Wireshark-users] cflow v9 dissector oddity
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-users] How do you compile a new protocol into Wireshark
Next by Date: Re: [Wireshark-users] Wireshark on OpenBSD, and using OpenSSL
Previous by thread: Re: [Wireshark-users] cflow v9 dissector oddity
Next by thread: Re: [Wireshark-users] cflow v9 dissector oddity
Index(es):
- Date
- Thread