This is our old Q&A Site. Please post any new questions and answers at

I want to use capture filter to get all the cflow (Netflow) templates that are being sent by a router.

I can use "host" as capture filter to filter out other IPs, but how to use cflow.templateid in capture filter section..

Basically router would be sending millions of flows on some UDP port 9995 and I want to run it for atleast a day. Wireahrk would hang if I only use "host" filter since the captured data is too huge.

asked 22 May '16, 22:05

Satya_Mokalla's gravatar image

accept rate: 0%

Display filter allows more detailed filtering than capture filter because it uses the results of packet dissection. Packet dissection consumes memory to maintain state information about the packet flows. Therefore, the best way to capture high volumes of traffic is to use dumpcap and post-process its output files which can be done multiple times. More details can be found here.

If you can identify some byte patterns at fixed positions in the cflow payload and the cflow PDUs always fit into a single packet, you may be able to look for these patterns using a capture filter. To find the syntax necessary for an advanced case like yours, where you need to look into tcp payload which may be located at different offsets depending on the presence of tcp options, search for "Capture HTTP GET requests" at this page.

permanent link

answered 23 May '16, 00:57

sindy's gravatar image

accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 22 May '16, 22:05

question was seen: 1,952 times

last updated: 23 May '16, 00:57

p​o​w​e​r​e​d by O​S​Q​A