is there option know version number of netflow data. have pcap file generated using tcpdump. using opensource (which depends on tshark) converted pcap data netflow. not able find out version of netflow in? netflow v5 or v7....or ipfix.
there way tell netflow version looking @ data?
if using pcap file generate , export netflow on wire, version number in second byte of payload of udp packet. value 5, 7, 9, or 'a' (in case of ipfix).
however, if have used textual format dump records disk, technically not versioned netflow until export them somehow on wire.
Comments
Post a Comment