• The IPFIX firewall is enabled through NSX.
• Packet captures have been collected from either the ESXi host side or the collector side.
• Upon reviewing the packet capture in Wireshark, the flow data displayed as "Malformed."

Cisco NetFlow/IPFIX
    Version: 10
    Length: 1316
    Timestamp: Feb 25, 2025 05:25:09.000000000 PST
        ExportTime: 1740489909
    FlowSequence: 46100952
    Observation Domain Id: 38416
    Set 1 [id=294]
        FlowSet Id: (Data) (294)
        FlowSet Length: 1300
        Data (1296 bytes), no template found
            [Expert Info (Warning/Malformed): Data (1296 bytes), no template found]
                [Data (1296 bytes), no template found]
                [Severity level: Warning]
                [Group: Malformed]

VMware NSX enabled "IPFIX Firewall"

The "no template found" message from Wireshark indicates that the packet capture file does not include a data-template packet.
Wireshark requires the relevant data-template to correctly decode specific FlowSet IDs.

In an IPFIX firewall-enabled NSX environment, the data-template packet is sent from the ESXi host to the collector every 5 minutes.
To avoid issues in capturing this data, it’s recommended to capture packets from the wire for a duration of at least 5 minutes.
This ensures that at least one IPFIX data-template packet is included in the packet capture file, confirming the correct flow of data.

As for reference.

Example 1:Wireshark shows "Malformed" for the packet because the capture does not include a data-template packet.

Example 2:  In the same packet captures, when an additional data-template packet is included, Wireshark is able to decode the packet correctly.