This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decoding netflow v9 flowset that uses options template

Hey wireshark gurus,

In my captures I have got all the data templates and option templates. Then in the flowsets which contain the actual flow data, the flowset specifying the data template is decoded perfectly fine however the flowset specifying the option template is shown as "no template found"...

Any idea where I did wrong? I am using the version 1.12.0.

Thanks! Difan

asked 27 Aug '14, 08:54

difan

Any idea where I did wrong?

Maybe nothing :)

We'd have to look at the capture file to see if there's a bug (or what).

Can you post the capture file showing the issue someplace (e.g., dropbox) ?

Or: file a bug report at bugs.wireshark.org and attach the capture file to the report.

If you don't wish to have the capture file accessible by all, you can mark the bug report as private if you wish to restrict access to only the Wireshark Core developers.

(27 Aug '14, 09:07) Bill Meier ♦♦

Thank you for the quick response! Please find the capture file at this link: https://www.dropbox.com/s/5s3oins53b5byd4/Netflow%20v9.pcapng?dl=0. The #3 packet contains the template. The rest of the packets have the "no template found" in many of them... Thanks!

(27 Aug '14, 09:45) difan

One Answer:

This looks like a bug.

There's explicit code in the netflow dissector to ignore an options template if the "options scope length" is zero in the template.

However, a quick read of the Cisco V9 protocol descriptions indicates to me that an options template having an option scope length of zero is OK.

And, obviously, your capture has '0' for the options template scope length. Minor Q: What kind of equipment (router ?) generated the data in this capture ?

I'll need to do some further research, but this certainly looks like a bug.

In any case, it would be appreciated if you could file a bug at bugs.wireshark.org (attaching the capture file) so that the bug can be tracked & etc.

answered 28 Aug '14, 11:58

Bill Meier ♦♦

edited 28 Aug '14, 12:00

Thanks Bill. I have created the bug report: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10432. It is from a Cisco 1841 router with 15.2 IOS. Thanks!

(28 Aug '14, 13:56) difan
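
An added example, not Wireshark's dissector code and not part of the original thread: a minimal Python parser for a NetFlow v9 options template FlowSet (layout per RFC 3954) that keeps a template whose Option Scope Length is zero, following the answer's reading that such a template is valid. The function name and both sample byte strings are constructed for illustration.

```python
import struct

OPTIONS_TEMPLATE_FLOWSET_ID = 1  # FlowSet ID of a v9 options template FlowSet

# Constructed samples: FlowSet header (id, length), then one template record
# (template id, scope length, option length, (type, length) pairs), 2 pad bytes.
SAMPLE_ZERO_SCOPE = struct.pack("!9H2x", 1, 20, 256, 0, 8, 34, 4, 35, 1)
SAMPLE_WITH_SCOPE = struct.pack("!9H2x", 1, 20, 257, 4, 4, 1, 4, 34, 4)


def parse_options_templates(flowset: bytes) -> dict:
    """Return {template_id: template} for one options template FlowSet.

    A record with Option Scope Length 0 is stored with an empty scope list
    instead of being discarded, so later data FlowSets can still find it.
    """
    if len(flowset) < 4:
        raise ValueError("truncated FlowSet header")
    flowset_id, length = struct.unpack_from("!HH", flowset, 0)
    if flowset_id != OPTIONS_TEMPLATE_FLOWSET_ID:
        raise ValueError("not an options template FlowSet")
    if length < 4 or length > len(flowset):
        raise ValueError("FlowSet length does not match the buffer")
    templates, off = {}, 4
    # A record header is 6 bytes; anything shorter left over is padding.
    while length - off >= 6:
        tid, scope_len, opt_len = struct.unpack_from("!HHH", flowset, off)
        off += 6
        if tid < 256:
            raise ValueError("template IDs below 256 are reserved")
        # Both lengths are byte counts of 4-byte (type, length) specifiers.
        if scope_len % 4 or opt_len % 4 or off + scope_len + opt_len > length:
            raise ValueError("field specifiers do not fit the FlowSet")
        fields = [struct.unpack_from("!HH", flowset, off + i)
                  for i in range(0, scope_len + opt_len, 4)]
        n_scope = scope_len // 4
        templates[tid] = {
            "scope": fields[:n_scope],      # empty when scope length is 0
            "options": fields[n_scope:],
            "record_len": sum(flen for _, flen in fields),
        }
        off += scope_len + opt_len
    return templates


if __name__ == "__main__":
    print(parse_options_templates(SAMPLE_ZERO_SCOPE))
    print(parse_options_templates(SAMPLE_WITH_SCOPE))
```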