From: Tim Durack (tdurack@yahoo.com)
Date: 08/04/03
--- Jeff Rizzo <riz@boogers.sf.ca.us> wrote:
> On Mon, Aug 04, 2003 at 11:31:12AM -0700, Tim Durack wrote:
> > Thanks - this is very useful!
> >
> > One thing to note, it will only decode sflow if the destination
> port is
> > 6343. That caught me out as I tend to forward to higher ports.
> >
> > If using this with Windows, it is useful to remember that you can
> run
> > sflowtool.exe like this:
> >
> > sflowtool.exe -p 6343 1>nul 2>nul
> >
> > It is not necessary to be running sflowtool to capture the
> datagrams,
> > but there will be a lot of ICMP port unreachables if you don't.
> >
> > What display filters can be used with the current dissector?
>
> Thanks for the feedback-
>
> You can actually decode traffic on other ports as sflow- that's how I
> did most of my testing... you have to know that it's sflow, though.
> Just select the traffic in question, right-click and choose "Decode
> As..."
> and then select sflow from the list. It also allows you to specify
> source or destination ports as being sflow.
>
> I'm afraid I don't quite follow your 'display filters' question -
> I'm not exactly an expert on Ethereal, though.
>
> +j
>
That makes sense. I'm not really an Ethereal expert either...
Can I do something like sflow.agent = 10.0.0.1 to display all sflow
datagrams from a specific agent?
Can I filter against the sampled packet fields?
Tim:>
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
This archive was generated by hypermail 2.1.4 : 08/04/03 PDT