How to decode NetFLOW in WireShark

book

Article ID: 48837

calendar_today

Updated On:

Products

APPLICATION DELIVERY ANALYSIS SUPERAGENT EHEALTH CA Infrastructure Performance CA NetVoyant (NetQoS / NV) CA eHealth

Issue/Introduction

Description:

How to decode NetFLOW in WireShark

For more information on WireShark please go to WireShark.com website.

Solution:

  1. Install wireshark
  2. Double click on the capture file
  3. Filter to the device (display filter "ip.addr == 10.252.1.6")
  4. Right click on the netflow packets and select "Decode As"
  5. Transport layer, UDP destination 9995 as CFLOW

Environment

Release: RAIB1H99000-9.1-Network Flow Analysis-Interface Bundle-Hardware
Component:
Powered by Wolken Software