Hi everyone,
I find one error of nprobe when it exports netflow version 9 packet.
"Count" field of packet header announces that this packet has four
flowsets, however it only has three actually.
Below is my capturing netflow packet data from nprobe by wireshark.
Network layer(MAC+IP+UDP) data:
4437e69c822e000c29572cc00800450000b40000400040117cdb0a8954270a895425db5e5ba000a0bae8
netflow acket header: 00090004000086c7510cec0b00000000000000e6
First lowset:
0000005c0101000a0001000400020004000400010007000200080004000b0002000c0004005f0004e0f60002e0f700100102000a00010004000200040004000100070002000b0002001b0010001c0010005f0004e0f60002e0f70010
second flowset: 001001801030004000800010004002a0004002900040000
third flowset: 01030010000000000000000100000000
Kylin Wei (Wei QiKun)
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
