25 May
2017
25 May
'17
3:30 a.m.
On 22 May 2017, at 12:20, Brian Kantor
<Brian(a)UCSD.Edu> wrote:
If one of you who has an operational netflow setup would be kind enough
to capture ONE netflow packet using tcpdump and send me the hex dump
of the packet, I can extract the real-world values from the packet and
make mine conform. All I really need are the values of the 'engine_type'
and 'engine_id', bytes 21 and 22 (counting from zero as the first byte)
of the packet data. A dump of the netflow header (the first 24 bytes
of one packet) or a whole packet in hex would do very nicely, thank you.
Being late to the party. Let me know if you still need it. I can send you samples of
Mikrotik and
Juniper Netflow packets.
Anyway expect some chaos regarding Netflow. Originally it was just a Cisco thing and
manufacturers
and programmers make their own decisions, sometimes quite surprising.
Borja.