Thanks, no, I don't need a sample packet any more. Lynwood was good enough to send me one a few days ago. Turns out that the fields I was worrying about are all zero. I did have the 'seq' header field incrementing incorrectly, but that's fixed. Reverse-engineering software is one of the things I'm paid to do, so I had the tools needed for this job right at hand.
Because I couldn't get the (essentially proprietary) collector disk formats, I gave up on writing the storage disk files directly from the router process, and went to the overhead of generating, sending, and collecting the netflow v5 packets.
I'm now sending data that is compatible with the 'flow-tools' collector, so it's likely that any of the other capture and analysis tools would be happy with the packets I'm generating (and sending to the collector over the loopback interface). I'll give some of them a try.
So thanks for the offer, but I think it's a solved problem already.
- Brian
On Thu, May 25, 2017 at 09:30:26AM +0200, Borja Marcos wrote:
Being late to the party. Let me know if you still need it. I can send you samples of Mikrotik and Juniper Netflow packets.
Anyway, expect some chaos regarding Netflow. Originally it was just a Cisco thing and manufacturers and programmers make their own decisions, sometimes quite surprising.
Borja.