This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I check whether my switches are supplying all the RFC-defined IPFIX information

0

Okay, so to fine-tune my add-on "me too" reply, I'm not looking for a "Follow ___ stream" capability, so much as being able to decipher the IETF IPFIX implementation. In my situation today, I'm needing to detect whether my Nortel Ethernet switches are, in fact, providing info for all the RFC-defined/formatted fields.

asked 01 Nov '12, 12:18

BWB8771
accept rate: 0%

converted to question 01 Nov '12, 12:31

Guy Harris ♦♦

"Decipher" in the sense of "understand the RFCs" or "decipher" in the sense of "decode the packets"? Wireshark can't help you much with the former; does its dissection of IPFIX packets not sufficiently decode the packets?

(01 Nov '12, 12:36) Guy Harris ♦♦

One Answer:

0

Hi, as far as I know, Nortel only uses NetFlow v9 and calls it IPFIX. The reason for this is that they legally could not use the term NetFlow as it is a Cisco trademark. Unless something has changed very recently, Nortel switches are NOT RFC-compliant IPFIX exporters. More proof here: http://www.plixer.com/blog/netflow/nortel-switches-and-ipfix-a-mixed-message/

-Mike Krygeris

answered 01 Nov '12, 13:50

mkrygeri
accept rate: 0%
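
One way to run the check discussed in this thread offline, as an added example (not code from the original posts or from Wireshark): it reads the version field of an export payload, which is 9 for NetFlow v9 and 10 for IPFIX, then lists the field IDs each template declares and compares them with a checklist. The function names, the `REQUIRED` checklist and the `SAMPLE` packet are assumptions constructed for illustration.

```python
import struct

# version field -> (format name, header length in bytes, Set ID that carries templates)
FORMATS = {9: ("NetFlow v9", 20, 0), 10: ("IPFIX", 16, 2)}

def parse_templates(body, version):  # -> {template_id: [field IDs]} for one template set
    out, pos = {}, 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, pos)
        if tid < 256:                      # zero padding at the end of the set
            break
        pos, fields = pos + 4, []
        for _ in range(count):
            if pos + 4 > len(body):
                raise ValueError("truncated template record")
            ie, _length = struct.unpack_from("!HH", body, pos)
            vendor = version == 10 and bool(ie & 0x8000)  # IPFIX enterprise bit: 4-byte PEN follows
            pos += 8 if vendor else 4
            if not vendor:                 # keep only IANA-registered element IDs
                fields.append(ie)
        out[tid] = fields
    return out

def inspect_export(payload):  # classify one UDP export payload and collect its templates
    if len(payload) < 4 or struct.unpack_from("!H", payload)[0] not in FORMATS:
        raise ValueError("version field is not 9 (NetFlow v9) or 10 (IPFIX)")
    version, second = struct.unpack_from("!HH", payload, 0)
    name, hdr_len, tmpl_set = FORMATS[version]
    # IPFIX's second header field is the message length; v9's is a record count.
    end = min(second, len(payload)) if version == 10 else len(payload)
    templates, off = {}, hdr_len
    while off + 4 <= end:
        set_id, set_len = struct.unpack_from("!HH", payload, off)
        if set_len < 4 or off + set_len > end:
            raise ValueError("bad set length")
        if set_id == tmpl_set:             # option templates and data sets are skipped
            templates.update(parse_templates(payload[off + 4:off + set_len], version))
        off += set_len
    return {"format": name, "templates": templates}

# Assumed checklist (IANA element IDs): bytes, packets, protocol, ports, IPv4 addresses.
REQUIRED = {1, 2, 4, 7, 8, 11, 12}

def missing_fields(report, required=REQUIRED):  # checklist IDs that no template declares
    return sorted(set(required) - {ie for f in report["templates"].values() for ie in f})

# Constructed sample: a version-9 header plus one template (ID 256) declaring five fields.
SAMPLE = struct.pack("!HHIIII", 9, 1, 1000, 1351770000, 1, 0) + struct.pack(
    "!HHHH10H", 0, 28, 256, 5, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1)
```

Pass `inspect_export` the UDP payload bytes of one export packet; a result of "NetFlow v9" means the exporter is not sending IPFIX messages, whatever the feature is called in the switch configuration.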