How to decode NetFLOW in WireShark

Article Id: 48837
Status: Published
Updated On: 14-02-2018 07:42
Legacy Id: TEC591166
Products:
APPLICATION DELIVERY ANALYSIS , SUPERAGENT , EHEALTH - MISC , CA eHealth Performance Management - Data Polling , CA eHealth Performance Management - Usage and Administration , DEVELOPER PROG , REMOTE POLLER , CA Infrastructure Performance , CA NetVoyant (NetQoS / NV)
Issue/Introduction:

Description:

How to decode NetFLOW in WireShark

For more information on WireShark please go to WireShark.com website.

Solution:

  1. Install wireshark
  2. Double click on the capture file
  3. Filter to the device (display filter "ip.addr == 10.252.1.6")
  4. Right click on the netflow packets and select "Decode As"
  5. Transport layer, UDP destination 9995 as CFLOW

Environment:

Release: RAIB1H99000-9.1-Network Flow Analysis-Interface Bundle-Hardware
Component: