ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

netflow v9 header count field with bad value #139

Closed lucadistefano closed 7 years ago

lucadistefano commented 7 years ago

Using nprobe v.7.5.160722.

I have generated NetFlow v9 with nprobe and noticed that the NetFlow header contains a bad value in the 'count' field. It seems that nprobe puts the number of flow/template sets in the count field instead of what is specified in the RFC:

    https://www.ietf.org/rfc/rfc3954.txt chapter 5.1

Count The total number of records in the Export Packet, which is the sum of Options FlowSet records, Template FlowSet records, and Data FlowSet records.

That generates a lot of warnings in the NetFlow collector, and in some implementations not all records are parsed, only the first.

In the attached NetFlow pcap you will find packets with the header field 'count' set to 1, but the total number of records is 3.

Thanks, Luca

netflow_header_count.zip
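A collector-side check for the mismatch reported above, as an added example that is not part of the original issue or of nProbe's code: it walks the FlowSets of a NetFlow v9 export packet as laid out in RFC 3954 and compares the header 'count' with the number of records actually present. The function name, the template cache layout and the two sample packets are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source_id

def count_records(packet, templates):
    """Return (header_count, records_found) for one NetFlow v9 export packet.

    templates maps (source_id, template_id) -> data record length in bytes; it is
    updated in place and must be reused for later packets from the same exporter.
    """
    version, header_count, _, _, _, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    found, offset = 0, HEADER.size
    while offset + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, offset)
        if set_len < 4 or offset + set_len > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        pos, end = offset + 4, offset + set_len
        if set_id in (0, 1):  # Template (0) or Options Template (1) FlowSet
            hdr = 4 if set_id == 0 else 6  # id+field count, or id+scope len+option len
            while pos + hdr <= end:
                words = struct.unpack_from("!%dH" % (hdr // 2), packet, pos)
                nbytes = 4 * words[1] if set_id == 0 else words[1] + words[2]
                if words[0] < 256 or nbytes % 4 or pos + hdr + nbytes > end:
                    break  # padding or a truncated template record
                fields = struct.unpack_from("!%dH" % (nbytes // 2), packet, pos + hdr)
                templates[(source_id, words[0])] = sum(fields[1::2])  # field lengths
                pos += hdr + nbytes
                found += 1
        elif set_id > 255:  # Data FlowSet: record size comes from its template
            rec_len = templates.get((source_id, set_id))
            if not rec_len:
                raise LookupError("no template for FlowSet %d" % set_id)
            found += (set_len - 4) // rec_len  # drops padding (records of 4+ bytes)
        offset += set_len
    return header_count, found

def _flowset(set_id, body):
    return struct.pack("!HH", set_id, 4 + len(body)) + body

def _packet(count, source_id, *flowsets):
    return HEADER.pack(9, count, 0, 0, 0, source_id) + b"".join(flowsets)

# Constructed sample: template 256 = IPV4_SRC_ADDR (type 8) + IN_BYTES (type 1), 4 bytes each
TEMPLATE_PKT = _packet(1, 7, _flowset(0, struct.pack("!HHHHHH", 256, 2, 8, 4, 1, 4)))
# Constructed sample: one Data FlowSet holding three records, header count = 1 as reported
RECORDS = b"".join(struct.pack("!4sI", bytes([10, 0, 0, i]), 100 * i) for i in (1, 2, 3))
DATA_PKT = _packet(1, 7, _flowset(256, RECORDS))
```

A collector can log or alert when the two returned values differ instead of silently stopping after `count` records.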

lucaderi commented 7 years ago

Fixed. It will be included in the overnight build.