sFlow parsing troubles...

From: Mandip S Sangha <mandip.sangha@apoapsis.com>
Date: 11/23/06
Message-ID: <00b801c70f36$d73b8040$8103000a@laptop106>

Hi All

We're trying to parse sFlow data; we have flow samples which record their data
in format 1, i.e. Raw Packet Header format. The problem is that we cannot find
any documentation specifying what fields go where within the header. So for
the examples below:

startSample ----------------------
sampleType FLOWSAMPLE
flowSampleType HEADER
headerLen 66
headerBytes
00-14-6C-60-CB-B2-00-09-6B-8C-43-A8-08-00-45-00-00-34-7C-88-40-00-3F-06-2B-5A-58-60-87-C1-45-3C-6E-84-FC-6C-03-E1-19-33-B3-BF-1D-96-EA-34-80-10-FF-FF-B2-F1-00-00-01-01-08-0A-19-5D-AB-41-46-91-4F-AE
dstMAC 00146c60cbb2
srcMAC 00096b8c43a8
IPSize 52
ip.tot_len 52
srcIP 88.96.135.193
dstIP 69.60.110.132
IPProtocol 6
IPTOS 0
IPTTL 63
TCPSrcPort 64620
TCPDstPort 993
TCPFlags 16
endSample ----------------------

Is there documentation to tell us at what byte within the headerBytes to find
srcIP, dstIP, IPProtocol, IPTOS, TCPSrcPort, TCPDstPort?

startSample ----------------------
sampleType FLOWSAMPLE
flowSampleType HEADER
headerLen 128
headerBytes
00-14-6C-60-CB-B2-00-09-6B-8C-43-A8-08-00-45-00-05-D4-52-7E-00-00-FE-11-F9-19-58-60-87-C1-C1-C9-C9-95-1F-3F-15-B3-05-C0-54-95-00-05-00-1E-00-00-00-00-00-00-00-00-00-00-00-00-00-00-9F-22-F2-00-00-00-00-0A-0B-07-06-0A-15-66-01-00-00-00-00-00-07-00-0B-00-00-00-00-00-01-5F-03-15-A4-42-D9-15-A4-42-D9-07-8F-02-02-00-00-11-00-00-00-00-00-00-00-00-00-0A-15-66-01-0A-0B-07-06-00-00-00-00-00-0B
dstMAC 00146c60cbb2
srcMAC 00096b8c43a8
IPSize 1492
ip.tot_len 1492
srcIP 88.96.135.193
dstIP 193.201.201.149
IPProtocol 17
IPTOS 0
IPTTL 254
UDPSrcPort 7999
UDPDstPort 5555
UDPBytes 1472
endSample ----------------------

Is there documentation to tell us at what byte within the headerBytes to find
srcIP, dstIP, IPProtocol, IPTOS, UDPSrcPort, UDPDstPort, UDPBytes?

Also, where in this data are the actual bytes transferred by each of the flows?

Any comments or suggestions would be greatly appreciated.

Regards
Mandip
Received on Thu Nov 23 11:37:44 2006

This archive was generated by hypermail 2.1.8 : 11/23/06 PST
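As an added illustration (not part of the original post or of any sFlow tool), the decoder below walks the Ethernet, IPv4 and TCP/UDP headers of a format-1 raw packet header sample and recovers the same fields the collector printed above; the byte offsets in the comments answer the "at what byte" question for a plain IPv4 frame. The two sample strings are the post's own headerBytes (the UDP one cut after its 42-byte Ethernet/IP/UDP header).

```python
import struct
from ipaddress import IPv4Address

# Byte offsets for an Ethernet II / IPv4 (IHL=5) frame, as in both samples:
#   0-5 dstMAC, 6-11 srcMAC, 12-13 EtherType (0x0800 = IPv4)
#   15 IPTOS, 16-17 ip.tot_len, 22 IPTTL, 23 IPProtocol, 26-29 srcIP, 30-33 dstIP
#   34-35 L4 src port, 36-37 L4 dst port, 47 TCP flags byte, 38-39 UDP length
# IP options can lengthen the IP header, so the code uses IHL rather than a fixed 34.

# headerBytes copied from the two samples in the post (the UDP one is cut after its
# 42-byte Ethernet/IP/UDP header; the remaining 86 of its 128 bytes are payload).
TCP_SAMPLE = ("00-14-6C-60-CB-B2-00-09-6B-8C-43-A8-08-00"
              "-45-00-00-34-7C-88-40-00-3F-06-2B-5A-58-60-87-C1-45-3C-6E-84"
              "-FC-6C-03-E1-19-33-B3-BF-1D-96-EA-34-80-10-FF-FF-B2-F1-00-00"
              "-01-01-08-0A-19-5D-AB-41-46-91-4F-AE")
UDP_SAMPLE = ("00-14-6C-60-CB-B2-00-09-6B-8C-43-A8-08-00"
              "-45-00-05-D4-52-7E-00-00-FE-11-F9-19-58-60-87-C1-C1-C9-C9-95"
              "-1F-3F-15-B3-05-C0-54-95")


def parse_raw_header(hex_dashed):
    """Decode an sFlow format-1 (raw packet header) sample into the fields the
    collector printed. Raises ValueError on a truncated or non-IPv4 frame."""
    raw = bytes.fromhex(hex_dashed.replace("-", ""))
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType {ethertype:#06x}")
    ip = raw[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, tot_len, _id, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    out = {"dstMAC": raw[0:6].hex(), "srcMAC": raw[6:12].hex(),
           "ip.tot_len": tot_len, "IPTOS": tos, "IPTTL": ttl, "IPProtocol": proto,
           "srcIP": str(IPv4Address(ip[12:16])), "dstIP": str(IPv4Address(ip[16:20]))}
    l4 = ip[ihl:]
    if proto == 6 and len(l4) >= 14:  # TCP: ports, seq, ack, data offset, flags byte
        sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", l4[:14])
        out.update(TCPSrcPort=sport, TCPDstPort=dport, TCPFlags=flags)
    elif proto == 17 and len(l4) >= 8:  # UDP: ports, length (header included), checksum
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        out.update(UDPSrcPort=sport, UDPDstPort=dport, UDPBytes=ulen)
    return out


if __name__ == "__main__":
    for name, sample in (("TCP", TCP_SAMPLE), ("UDP", UDP_SAMPLE)):
        print(name, parse_raw_header(sample))
```

Note that the sample carries only the first headerLen bytes of the frame, so the IP total length field is the only size of the full datagram visible here; the 1472 printed as UDPBytes is the UDP length field, which includes the 8-byte UDP header.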