ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to decode NetFLOW in WireShark

book

Article ID: 48837

calendar_today

Updated On:

Products

APPLICATION DELIVERY ANALYSIS SUPERAGENT CA Infrastructure Performance CA NetVoyant (NetQoS / NV) CA eHealth

Issue/Introduction

Description:

How to decode NetFLOW in WireShark

For more information on WireShark please go to WireShark.com website.

Solution:

  1. Install wireshark
  2. Double click on the capture file
  3. Filter to the device (display filter "ip.addr == 10.252.1.6")
  4. Right click on the netflow packets and select "Decode As"
  5. Transport layer, UDP destination 9995 as CFLOW

Environment

Release: RAIB1H99000-9.1-Network Flow Analysis-Interface Bundle-Hardware
Component: