Ethereal-dev: Re: [Ethereal-dev] Netflow v9 templates

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Motonori Shindo <mshindo@xxxxxxxxxxx>
Date: Wed, 02 Nov 2005 11:05:20 +0900 (JST)
Paul,

From: <paul.sellnow@xxxxxxx>
Subject: [Ethereal-dev] Netflow v9 templates
Date: Tue, 1 Nov 2005 10:20:21 -0600

> Is it possible to enhance the Netflow v9 dissector so that if no specific template record is found, a default template would be applied in the detail pane as a best effort to decode the flow records?

That's technically doable. However, the question is how to determine
such a "default" template. We may be able to choose the one used by
the seemingly most common NetFlow V9 exporter (Cisco?), but I am
personally a bit reluctant to this approach because Cisco may change
the template they use without any notices, or other vendors may become
more prevalent than Cisco, etc.

An ideal approach would be to allow users define an arbitrary template
that'll be applied to a data flowset not defined in any template
flowset. This is flexible but will require much more work (e.g. define
a notation to express a template and parse it accordingly, etc.)

Regards,

---
Motonori Shindo
Fivefront Corporation