Wireshark · Wireshark-users: [Wireshark-users] netflow v9 SRC_AS_PEER and DST_AS

Wireshark-users: [Wireshark-users] netflow v9 SRC_AS_PEER and DST_AS_PEER

Date: Tue, 14 Sep 2010 19:20:34 +0900 (JST)

Hello,

Currently wireshark decodes netflow v9 type=128 as "SRC_AS_PEER" and
type=129 as "DST_AS_PEER". Does anyone know in which RFC or other
documents they are defined?

- from packet-netflow.c:
|static const value_string v9_template_types[] = {
|...
|    { 128, "SRC_AS_PEER" },
|    { 129, "DST_AS_PEER" },

In RFC5102 (for IPFIX) id=128 is defined as "bgpNextAdjacentAsNumber"
and id=129 as "bgpPrevAdjacentAsNumber". I think the former is equal to
"DST_AS_PEER" and the latter is equal to "SRC_AS_PEER".

I'd like to know whether this difference is a bug of wireshark or not.

Regards,
-- 
Tomohiko Kurahashi <kura@xxxxxxxxx>

Follow-Ups:
- Re: [Wireshark-users] netflow v9 SRC_AS_PEER and DST_AS_PEER
  - From: Bill Meier

Prev by Date: [Wireshark-users] Wireless (802.11) Management packet generation using wireshark.
Next by Date: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"
Previous by thread: Re: [Wireshark-users] Wireless (802.11) Management packet generation using wireshark.
Next by thread: Re: [Wireshark-users] netflow v9 SRC_AS_PEER and DST_AS_PEER
Index(es):
- Date
- Thread