This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 1.10.6 version cannot decode IPFIX RFC 7012 fields

0

Hi, I am running Wireshark version 1.10.6 on my Ubuntu version. I am exporting IPFIX flows. However, WLAN fields like 365 staMacAddress, 366 staIPv4Address, 367 wtpMacAddress are not decoded in Wireshark. It's reported as unknown. These fields are from IPFIX RFC 7012.

Any help will be appreciated.

Thanks, SUNNY

asked 06 Apr '15, 16:03


sunnycs
6112
accept rate: 0%


One Answer:

0

These fields were implemented in development in the Wireshark netflow (ipfix) dissector in Sep 2014.

The added code was considered an "enhancement" and thus was not backported to Wireshark 1.10 or 1.12.

So: (to be able to see these fields)

  1. You can download a Windows "development version" (1.99.5) and examine capture files as needed on a Windows PC (see wireshark.org/download.html).

  2. You can build a "development" Wireshark on Ubuntu from the Wireshark development sources.

  3. You can wait until the next major Wireshark release (1.14) which I expect will be available sometime in May/June 2015.

answered 06 Apr '15, 17:42


Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 06 Apr '15, 17:45
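
When a capture has to be checked on a release whose dissector reports these fields as unknown, the records can also be decoded outside Wireshark. The following is an added example, not part of the original answer and not Wireshark code: a small Python decoder for IPFIX template and data sets (RFC 7011 layout) that names the three WLAN elements from the question. The field data types, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import struct
# IDs and names as given in the question; the mac/ipv4 types are an assumption.
WLAN_IES = {365: ("staMacAddress", "mac"), 366: ("staIPv4Address", "ipv4"),
            367: ("wtpMacAddress", "mac")}

def render(ie, raw):
    name, kind = WLAN_IES.get(ie, (f"ie{ie}", "hex"))
    if kind == "mac" and len(raw) == 6:
        return name, ":".join(f"{b:02x}" for b in raw)
    if kind == "ipv4" and len(raw) == 4:
        return name, str(ipaddress.IPv4Address(raw))
    return name, raw.hex()

def decode_ipfix(msg):   # fixed-length, non-enterprise fields only
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("not a complete IPFIX message")
    templates, records, off = {}, [], 16   # sets start after the 16-byte header
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("bad set length")
        body, pos = msg[off + 4:off + set_len], 0
        if set_id == 2:                     # template set
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, pos)
                if pos + 4 + 4 * count > len(body):
                    raise ValueError("truncated template record")
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(count)]
                if any(ie & 0x8000 or flen == 0xFFFF for ie, flen in fields):
                    raise ValueError("enterprise or variable-length field not handled")
                templates[tid] = fields
                pos += 4 + 4 * count
        elif set_id >= 256 and set_id in templates:   # data set with a known template
            fields = templates[set_id]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and pos + rec_len <= len(body):   # leftover bytes are padding
                rec = {}
                for ie, flen in fields:
                    rec.update([render(ie, body[pos:pos + flen])])
                    pos += flen
                records.append(rec)
        off += set_len
    return records

def sample_message():   # constructed: one template (ID 256) and one data record
    tmpl = struct.pack("!4H6H", 2, 20, 256, 3, 365, 6, 366, 4, 367, 6)
    data = struct.pack("!HH", 256, 20) + bytes.fromhex("020000000001c000020a020000000002")
    return struct.pack("!HHIII", 10, 56, 0, 0, 1) + tmpl + data
```

Templates are remembered only within the one message passed in, so a data set whose template arrived in an earlier message is skipped rather than guessed at.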