https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14315

            Bug ID: 14315
           Summary: -T ek enterprise private entry
           Product: Wireshark
           Version: 2.4.3
          Hardware: x86-64
                OS: Ubuntu
            Status: UNCONFIRMED
          Severity: Critical
          Priority: Low
         Component: TShark
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: elias.abouha...@idm.net.lb
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.4.3 (Git v2.4.3 packaged as 2.4.3-1~xenial1)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.48.2, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP,
with nghttp2 1.7.1, with LZ4, with Snappy, with libxml2 2.9.3.

Running on Linux 4.4.0-104-generic, with Intel(R) Core(TM)2 Duo CPU     E7200 @
2.53GHz, with 3942 MB of physical memory, with locale LC_CTYPE=en_US.UTF-8,
LC_NUMERIC=ar_LB.UTF-8, LC_TIME=ar_LB.UTF-8, LC_COLLATE=en_US.UTF-8,
LC_MONETARY=ar_LB.UTF-8, LC_MESSAGES=en_US.UTF-8, LC_PAPER=ar_LB.UTF-8,
LC_NAME=ar_LB.UTF-8, LC_ADDRESS=ar_LB.UTF-8, LC_TELEPHONE=ar_LB.UTF-8,
LC_MEASUREMENT=ar_LB.UTF-8, LC_IDENTIFICATION=ar_LB.UTF-8, with libpcap version
1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8.

Built using gcc 5.4.0 20160609.
--
Dear All,

Please note that when I'm using tshark to collect IPFIX v10 from a Procera device
with -T ek, I have a small issue: I get the same duplicate key
"text_cflow_enterprise_private_entry". On the other hand, when I use -T json the
key will be enterprise_private_entry.ID, where the ID is the private enterprise ID.
Could we do this in -T ek as well, to avoid the duplicate key and store it in
Elasticsearch, and how can we extract the templates to do the Elastic mapping?





json Example : {"timestamp" : "1515480481323", "layers" : {"frame":
{"filtered": "frame"},"eth": {"filtered": "eth"},"ip": {"filtered":
"ip"},"udp": {"filtered": "udp"},"cflow": {"cflow_cflow_version":
"10","cflow_cflow_len": "1461","cflow_cflow_timestamp": "Jan  9, 2018
08:48:01.000000000 EET","cflow_timestamp_cflow_exporttime":
"1515480481","cflow_cflow_sequence": "1661603079","cflow_cflow_od_id":
"2880943041","cflow_text": "Set 1 [id=33145] (11
flows)","text_cflow_flowset_id": "33145","text_cflow_flowset_length":
"1445","text_cflow_template_frame": "84162","text_text": "Flow
1","text_cflow_timedelta": "1.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:48:00.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"6","text_cflow_post_natsource_ipv4_address":
"10.3.73.213","text_cflow_post_natdestination_ipv4_address":
"162.125.1.1","text_cflow_post_naptdestination_transport_port":
"443","text_cflow_srcport": "49712","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"42:65:69:6e:67:20:61:6e:61:6c:79:7a:65:64","cflow_enterprise_private_entry_cflow_string_len_short":
"14","text_cflow_enterprise_private_entry":
"42:65:69:6e:67:20:61:6e:61:6c:79:7a:65:64","cflow_enterprise_private_entry_cflow_string_len_short":
"14","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"121","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.3.73.213","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "162.125.1.1","text_cflow_dstport":
"443","text_cflow_permanent_octets": "706","text_cflow_inputint":
"121","text_cflow_permanent_packets": "7","text_text": "Flow
2","text_cflow_timedelta": "20.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"17","text_cflow_post_natsource_ipv4_address":
"10.210.30.68","text_cflow_post_natdestination_ipv4_address":
"8.8.8.8","text_cflow_post_naptdestination_transport_port":
"53","text_cflow_srcport": "61021","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"131","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.210.30.68","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "8.8.8.8","text_cflow_dstport":
"53","text_cflow_permanent_octets": "309","text_cflow_inputint":
"131","text_cflow_permanent_packets": "2","text_text": "Flow
3","text_cflow_timedelta": "0.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:48:01.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"6","text_cflow_post_natsource_ipv4_address":
"37.209.250.191","text_cflow_post_natdestination_ipv4_address":
"192.168.33.33","text_cflow_post_naptdestination_transport_port":
"443","text_cflow_srcport": "62221","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"42:65:69:6e:67:20:61:6e:61:6c:79:7a:65:64","cflow_enterprise_private_entry_cflow_string_len_short":
"14","text_cflow_enterprise_private_entry":
"42:65:69:6e:67:20:61:6e:61:6c:79:7a:65:64","cflow_enterprise_private_entry_cflow_string_len_short":
"14","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"111","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "37.209.250.191","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "192.168.33.33","text_cflow_dstport":
"443","text_cflow_permanent_octets": "144","text_cflow_inputint":
"111","text_cflow_permanent_packets": "2","text_text": "Flow
4","text_cflow_timedelta": "22.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:39.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"1","text_cflow_post_natsource_ipv4_address":
"10.33.138.157","text_cflow_post_natdestination_ipv4_address":
"194.126.16.38","text_cflow_post_naptdestination_transport_port":
"3","text_cflow_srcport": "3","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"49:50:20:70:72:6f:74:6f:63:6f:6c:20:31:20:28:49:43:4d:50:29","cflow_enterprise_private_entry_cflow_string_len_short":
"20","text_cflow_enterprise_private_entry":
"49:50:20:70:72:6f:74:6f:63:6f:6c:20:31:20:28:49:43:4d:50:29","cflow_enterprise_private_entry_cflow_string_len_short":
"20","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"121","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.33.138.157","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "194.126.16.38","text_cflow_dstport":
"3","text_cflow_permanent_octets": "260","text_cflow_inputint":
"0","text_cflow_permanent_packets": "2","text_text": "Flow
5","text_cflow_timedelta":
"181.000000000","cflow_timedelta_cflow_abstimestart": "Jan  9, 2018
08:45:00.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan  9, 2018
08:48:01.000000000 EET","text_cflow_protocol":
"6","text_cflow_post_natsource_ipv4_address":
"10.75.0.243","text_cflow_post_natdestination_ipv4_address":
"52.11.202.100","text_cflow_post_naptdestination_transport_port":
"80","text_cflow_srcport": "10960","text_cflow_enterprise_private_entry":
"68:74:74:70:3a:2f:2f:61:70:70:63:6c:69:63:6b:2e:63:6f:2f:50:75:62:6c:69:63:53:65:72:76:69:63:65:73:2f:41:66:70:70:41:70:69:52:65:73:74:56:31:2e:73:76:63:2f:4f:66:66:65:72:2f:51:75:61:6c:69:66:69:65:64:2f:57:69:74:68:53:65:73:73:69:6f:6e:2f:47:65:74","cflow_enterprise_private_entry_cflow_string_len_short":
"83","text_cflow_enterprise_private_entry":
"48:54:54:50","cflow_enterprise_private_entry_cflow_string_len_short":
"4","text_cflow_enterprise_private_entry":
"48:54:54:50","cflow_enterprise_private_entry_cflow_string_len_short":
"4","text_cflow_enterprise_private_entry": "00:c8","text_cflow_outputint":
"121","text_cflow_enterprise_private_entry":
"61:70:70:63:6c:69:63:6b:2e:63:6f","cflow_enterprise_private_entry_cflow_string_len_short":
"11","text_cflow_srcaddr": "10.75.0.243","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "52.11.202.100","text_cflow_dstport":
"80","text_cflow_permanent_octets": "436","text_cflow_inputint":
"121","text_cflow_permanent_packets": "4","text_text": "Flow
6","text_cflow_timedelta": "20.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"1","text_cflow_post_natsource_ipv4_address":
"10.33.14.212","text_cflow_post_natdestination_ipv4_address":
"193.227.177.130","text_cflow_post_naptdestination_transport_port":
"3","text_cflow_srcport": "3","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"49:50:20:70:72:6f:74:6f:63:6f:6c:20:31:20:28:49:43:4d:50:29","cflow_enterprise_private_entry_cflow_string_len_short":
"20","text_cflow_enterprise_private_entry":
"49:50:20:70:72:6f:74:6f:63:6f:6c:20:31:20:28:49:43:4d:50:29","cflow_enterprise_private_entry_cflow_string_len_short":
"20","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"131","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.33.14.212","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "193.227.177.130","text_cflow_dstport":
"3","text_cflow_permanent_octets": "130","text_cflow_inputint":
"0","text_cflow_permanent_packets": "1","text_text": "Flow
7","text_cflow_timedelta": "20.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"17","text_cflow_post_natsource_ipv4_address":
"10.150.206.12","text_cflow_post_natdestination_ipv4_address":
"129.6.15.27","text_cflow_post_naptdestination_transport_port":
"123","text_cflow_srcport": "60839","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"4e:54:50","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry":
"4e:54:50","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"111","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.150.206.12","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "129.6.15.27","text_cflow_dstport":
"123","text_cflow_permanent_octets": "196","text_cflow_inputint":
"111","text_cflow_permanent_packets": "2","text_text": "Flow
8","text_cflow_timedelta": "20.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"17","text_cflow_post_natsource_ipv4_address":
"10.33.171.175","text_cflow_post_natdestination_ipv4_address":
"193.227.177.130","text_cflow_post_naptdestination_transport_port":
"53","text_cflow_srcport": "13163","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"121","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.33.171.175","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "193.227.177.130","text_cflow_dstport":
"53","text_cflow_permanent_octets": "1823","text_cflow_inputint":
"121","text_cflow_permanent_packets": "8","text_text": "Flow
9","text_cflow_timedelta": "10.000000000","cflow_timedelta_cflow_abstimestart":
"Jan  9, 2018 08:47:51.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan 
9, 2018 08:48:01.000000000 EET","text_cflow_protocol":
"6","text_cflow_post_natsource_ipv4_address":
"10.3.86.25","text_cflow_post_natdestination_ipv4_address":
"172.217.19.138","text_cflow_post_naptdestination_transport_port":
"443","text_cflow_srcport": "17062","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"4e:6f:74:20:61:6e:61:6c:79:7a:65:64:20:28:4d:69:64:2d:73:74:72:65:61:6d:20:73:74:61:72:74:29","cflow_enterprise_private_entry_cflow_string_len_short":
"31","text_cflow_enterprise_private_entry":
"4e:6f:74:20:61:6e:61:6c:79:7a:65:64:20:28:4d:69:64:2d:73:74:72:65:61:6d:20:73:74:61:72:74:29","cflow_enterprise_private_entry_cflow_string_len_short":
"31","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"0","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.3.86.25","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "172.217.19.138","text_cflow_dstport":
"443","text_cflow_permanent_octets": "157","text_cflow_inputint":
"121","text_cflow_permanent_packets": "1","text_text": "Flow
10","text_cflow_timedelta":
"20.000000000","cflow_timedelta_cflow_abstimestart": "Jan  9, 2018
08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan  9, 2018
08:48:01.000000000 EET","text_cflow_protocol":
"17","text_cflow_post_natsource_ipv4_address":
"10.33.7.16","text_cflow_post_natdestination_ipv4_address":
"194.126.16.38","text_cflow_post_naptdestination_transport_port":
"53","text_cflow_srcport": "20980","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"111","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "10.33.7.16","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "194.126.16.38","text_cflow_dstport":
"53","text_cflow_permanent_octets": "418","text_cflow_inputint":
"111","text_cflow_permanent_packets": "2","text_text": "Flow
11","text_cflow_timedelta":
"20.000000000","cflow_timedelta_cflow_abstimestart": "Jan  9, 2018
08:47:41.000000000 EET","cflow_timedelta_cflow_abstimeend": "Jan  9, 2018
08:48:01.000000000 EET","text_cflow_protocol":
"17","text_cflow_post_natsource_ipv4_address":
"69.140.129.129","text_cflow_post_natdestination_ipv4_address":
"92.62.168.91","text_cflow_post_naptdestination_transport_port":
"53","text_cflow_srcport": "47783","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry":
"44:4e:53","cflow_enterprise_private_entry_cflow_string_len_short":
"3","text_cflow_enterprise_private_entry": "00:00","text_cflow_outputint":
"111","text_cflow_enterprise_private_entry":
"","cflow_enterprise_private_entry_cflow_string_len_short":
"0","text_cflow_srcaddr": "69.140.129.129","text_cflow_srcaddrv6":
"::","text_cflow_srcas": "0","text_cflow_dstas": "0","text_cflow_dstaddrv6":
"::","text_cflow_dstaddr": "92.62.168.91","text_cflow_dstport":
"53","text_cflow_permanent_octets": "4564","text_cflow_inputint":
"111","text_cflow_permanent_packets": "2"}}}



And can we extract each flow separately, e.g. one flow per line: Flow 8 on one
line, Flow 9 on the next?


Regards,
Elias
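
An added example, not part of the original report or of Wireshark: a Python post-processor that keeps the repeated "text_cflow_enterprise_private_entry" values and emits one JSON line per flow. It assumes the record layout shown above, with each flow introduced by a "text_text": "Flow N" entry; the function names and the shortened sample record are constructed for illustration.

```python
import json

PRIVATE_KEY = "text_cflow_enterprise_private_entry"

# Constructed sample: a shortened record in the shape of the output above
# (two flows, the private-entry key repeated inside the first one).
SAMPLE = (
    '{"timestamp": "1515480481323", "layers": {"cflow": {'
    '"cflow_cflow_version": "10", "text_text": "Flow 1", '
    '"text_cflow_srcaddr": "10.3.73.213", '
    '"text_cflow_enterprise_private_entry": "", '
    '"text_cflow_enterprise_private_entry": "44:4e:53", '
    '"text_cflow_enterprise_private_entry": "00:00", '
    '"text_text": "Flow 2", '
    '"text_cflow_srcaddr": "10.210.30.68", '
    '"text_cflow_enterprise_private_entry": "48:54:54:50"}}}'
)

def decode_entry(value):
    """Turn 'aa:bb' hex into text when every byte is printable ASCII."""
    try:
        raw = bytes.fromhex(value.replace(":", ""))
    except ValueError:
        return value
    printable = bool(raw) and all(32 <= b < 127 for b in raw)
    return raw.decode("ascii") if printable else value

def split_flows(ek_line):
    """Return (header, flows); keys repeated within a flow become lists."""
    # object_pairs_hook=list hands back every (key, value) pair in order;
    # the default dict result silently keeps only the last duplicate.
    doc = dict(json.loads(ek_line, object_pairs_hook=list))
    cflow = dict(doc["layers"])["cflow"]
    header, flows, current = {"timestamp": doc["timestamp"]}, [], None
    for key, value in cflow:
        if key == "text_text" and str(value).startswith("Flow "):
            current = {"flow": value}
            flows.append(current)
            continue
        if key == PRIVATE_KEY:
            value = decode_entry(value)
        target = header if current is None else current
        if key in target:
            prev = target[key]
            target[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            target[key] = value
    return header, flows

def to_ndjson(ek_line):
    """One JSON document per flow, each carrying the packet-level header."""
    header, flows = split_flows(ek_line)
    return [json.dumps({**header, **flow}, sort_keys=True) for flow in flows]
```

Only the private-entry values are hex-decoded, because a numeric field such as a port of "53" is also valid hex and would be misread as text.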
