From: Jeff Rizzo (riz@boogers.sf.ca.us)
Date: 08/04/03
On Mon, Aug 04, 2003 at 11:31:12AM -0700, Tim Durack wrote:
> Thanks - this is very useful!
>
> One thing to note, it will only decode sflow if the destination port is
> 6343. That caught me out as I tend to forward to higher ports.
>
> If using this with Windows, it is useful to remember that you can run
> sflowtool.exe like this:
>
> sflowtool.exe -p 6343 1>nul 2>nul
>
> It is not necessary to be running sflowtool to capture the datagrams,
> but there will be a lot of ICMP port unreachables if you don't.
>
> What display filters can be used with the current dissector?
Thanks for the feedback-
You can actually decode traffic on other ports as sflow- that's how I
did most of my testing... you have to know that it's sflow, though.
Just select the traffic in question, right-click and choose "Decode As..."
and then select sflow from the list. It also allows you to specify
source or destination ports as being sflow.
I'm afraid I don't quite follow your 'display filters' question -
I'm not exactly an expert on Ethereal, though.
+j
This archive was generated by hypermail 2.1.4 : 08/04/03 PDT