This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

reading (decoding?) IPFIX in wireshark

0

Hey,

I can detect CFLOW messages in Wireshark and they have the information I need, like the src address, dest address etc., but when I do Follow UDP Stream the output in ASCII is characters like these: ".J.B......2........", for example. So does anyone know if there is a way to decode these characters to get something useful out of them?

Thank you!

asked 13 Sep '12, 23:08

remit
accept rate: 0%

If you find out, I would love to know as well!

(01 Nov '12, 09:57) BWB8771

One Answer:

0

"Follow TCP Stream" and "Follow UDP Stream" serve two purposes. The main purpose is to show a simple display of text-based protocols; a secondary purpose is that they also filter the display to show the packets in a given TCP or UDP conversation.

The first of those purposes is not useful for non-text-based protocols. For non-text-based protocols, you just use the packet dissection, as shown in the packet summary and packet details pane. The ASCII characters - or rather the raw bytes corresponding to them - are decoded by the Wireshark dissectors.

answered 01 Nov '12, 12:08

Guy Harris ♦♦
accept rate: 19%
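
What "decoded by the dissectors" means for IPFIX, as an added example that is not part of the original answer and is not Wireshark's code: a minimal Python parser for the RFC 7011 message layout that uses the template set to turn the raw bytes of a data set into named fields. It handles fixed-length fields only; the function names, the sample message and its addresses and ports are constructed for this example.

```python
import ipaddress
import struct

IE_NAMES = {4: "protocolIdentifier", 7: "sourceTransportPort", 8: "sourceIPv4Address",
            11: "destinationTransportPort", 12: "destinationIPv4Address"}  # IANA IPFIX IE IDs

def decode_field(ie, raw):
    if ie in (8, 12):                         # IPv4 addresses
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big") if ie in (4, 7, 11) else raw.hex()

def parse_ipfix(msg):
    """Return the flow records of one IPFIX message (fixed-length fields only)."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or not 16 <= length <= len(msg):
        raise ValueError("not a complete IPFIX message")
    templates, records, off = {}, [], 16      # sets start after the 16-byte header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:                       # template set: defines the record layout
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, pos)
                pos, fields = pos + 4, []
                for _ in range(count):
                    ie, flen = struct.unpack_from("!HH", body, pos)
                    pos += 8 if ie & 0x8000 else 4   # enterprise IEs carry 4 extra bytes
                    fields.append((ie, flen))
                templates[tid] = fields
        elif set_id >= 256 and templates.get(set_id):  # data set with a known template
            size = sum(flen for _, flen in templates[set_id])
            for pos in range(0, len(body) - size + 1, size):
                rec = {}
                for ie, flen in templates[set_id]:
                    rec[IE_NAMES.get(ie, f"ie{ie}")] = decode_field(ie, body[pos:pos + flen])
                    pos += flen
                records.append(rec)
        off += set_len
    return records

def sample_message():
    """Constructed sample (not a real capture): template 256 plus one data record."""
    layout = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1)]
    tmpl = struct.pack("!HH", 256, len(layout)) + b"".join(struct.pack("!HH", *f) for f in layout)
    data = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!HHB", 49152, 443, 6)
    sets = b"".join(struct.pack("!HH", sid, 4 + len(b)) + b for sid, b in [(2, tmpl), (256, data)])
    return struct.pack("!HHIII", 10, 16 + len(sets), 1347577680, 0, 1) + sets
```

Data sets that arrive before their template are skipped, because the record layout is unknown without it.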