Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5121] Netflow parsing has a problem in sampler ID in case

Date: Wed, 8 Sep 2010 10:36:32 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5121

--- Comment #6 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-09-08 13:36:29 EDT ---
(In reply to comment #1)
> In fact i just realized that length of sampler id is variable. it should be
> taken care of accordingly.

RFC 3954 says "Sampler Id" is a fixed-length field of one byte for Netflow V9
yet obviously the attachments show that for this capture the option template
specifies a length of 2 for the SamplerID Option (48).

What type of device generated this capture ?

Do you have any documentation showing that 2 is a valid length for this field ?

(I've looked at other netflow captures we have, but found none with this
field).

(The code can be changed to fetch 1 or 2 bytes depending upon the length
specified in the options template for this option but before this is done more
information as above would be helpful).

Thanks

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.