Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9723] IPFIX dissector uses UDP length instead of the length in the IPFIX heade

Wireshark-bugs: [Wireshark-bugs] [Bug 9723] IPFIX dissector uses UDP length instead of the lengt

Date: Fri, 07 Mar 2014 05:30:01 +0000

What	Removed	Added
CC		[email protected]

Comment # 1 on bug 9723 from Hadriel Kaplan

I see what you're saying - "partial flow" is misleading for this case.  But
what should Wireshark display?  I mean it's not like the message is properly
formatted either.  In the attached capture file the padding octets are beyond
the boundary of the IPFIX messages in each UDP payload, as opposed to being
contained within the IPFIX message as per RFC 5101. (i.e., they're not "IPFIX
padding octets", they're just extraneous octets at the end of the UDP data)

Is that normal/expected?  I don't deal with IPFIX that often, but I've never
seen such extra bytes be put onto the end of UDP payloads for IPFIX messages.
(I have seen them for Netflow v9 though)  My employer's products don't add such
extra bytes, for example.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 9021] RTP not decoded inside the conversation in v.1.10.1
Next by Date: [Wireshark-bugs] [Bug 9844] New: Add the Tools menu into Qtshark (or something like it)
Previous by thread: [Wireshark-bugs] [Bug 9730] Buildbot crash output: fuzz-2014-02-06-17909.pcap
Next by thread: [Wireshark-bugs] [Bug 9723] IPFIX dissector uses UDP length instead of the length in the IPFIX header
Index(es):
- Date
- Thread