sflow-rt / browse-flows

Trend real-time traffic flows
MIT License

Where does the code parse the sflow message? #1

Open tongchenqiang opened 1 year ago

tongchenqiang commented 1 year ago

Hello, I want to use the browse-flows app to parse custom protocol packets. The sFlow packet structure is roughly 14 bytes of source MAC address and destination MAC address, in between are 44 bytes of other content, followed by 20 bytes of header information, and finally there is some data information. I want to know where to modify the code to resolve such a protocol. Thank you!

pphaal commented 1 year ago

Defining Flows lists the protocols and fields that sFlow-RT is able to decode from the sFlow packet headers. The Browse Flows application uses sFlow-RT's APIs to learn the fields that have been seen and to program flows based on those fields.

The existing set of fields is extensive. What additional protocols/fields are you interested in seeing?

tongchenqiang commented 1 year ago

Sorry, I don't quite understand. I want to know how sflow-rt parses the sflow message? Can you tell me which part of the source code is about parsing the sflow message?

pphaal commented 1 year ago

sFlow-RT is closed source, so you cannot see how it parses the sFlow messages. You could look at sflowtool if you want an open source example as a starting point for writing your own sFlow analyzer.

tongchenqiang commented 1 year ago

Thank you! Do you know where the code for parsing sFlow messages is in the tool sflowtool? Maybe you can help me?
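As an added illustration for readers of this thread (not code from sFlow-RT, sflowtool, or either participant): a minimal sFlow version 5 datagram reader that extracts the sampled packet bytes from raw packet header records and cuts them into the 14 / 44 / 20 byte regions described in the question. It assumes the standard sFlow v5 layout; the region names and the `constructed_datagram` helper are assumptions made for this example.

```python
import struct

ETH, OPAQUE, HDR = 14, 44, 20   # byte counts from the question; names are assumptions

def u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated sFlow data")
    return struct.unpack_from("!I", buf, off)[0], off + 4

def records(buf, off, count, want):
    """Yield bodies of (tag, length, body) XDR records whose tag equals want."""
    for _ in range(count):
        tag, off = u32(buf, off)
        length, off = u32(buf, off)
        if off + length > len(buf):          # never trust a length field from the wire
            raise ValueError("record length exceeds buffer")
        if tag == want:
            yield buf[off:off + length]
        off += length

def sampled_headers(dgram):
    """Yield the sampled packet bytes from each flow sample of an sFlow v5 datagram."""
    version, off = u32(dgram, 0)
    addr_type, off = u32(dgram, off)                     # 1 = IPv4 agent, 2 = IPv6 agent
    if version != 5 or addr_type not in (1, 2):
        raise ValueError("not an sFlow v5 datagram")
    off += (4 if addr_type == 1 else 16) + 12            # address, sub-agent, sequence, uptime
    nsamples, off = u32(dgram, off)
    for sample in records(dgram, off, nsamples, 1):      # tag 1 = flow sample
        nrec, roff = u32(sample, 28)                     # after seven u32 sample fields
        for rec in records(sample, roff, nrec, 1):       # tag 1 = raw packet header
            hlen, _ = u32(rec, 12)                       # after protocol, frame length, stripped
            if 16 + hlen > len(rec):
                raise ValueError("header length exceeds record")
            yield rec[16:16 + hlen]

def split_custom(hdr):
    a, b, c = ETH, ETH + OPAQUE, ETH + OPAQUE + HDR
    if len(hdr) < c:                         # agents truncate the sampled header
        raise ValueError(f"agent sampled {len(hdr)} bytes, layout needs {c}")
    return {"ethernet": hdr[:a], "opaque": hdr[a:b], "header": hdr[b:c], "data": hdr[c:]}

def constructed_datagram(pkt):
    """Wrap pkt in a minimal one-sample datagram (constructed input, not a capture)."""
    pad = pkt + b"\0" * (-len(pkt) % 4)
    rec = struct.pack("!4I", 1, len(pkt), 0, len(pkt)) + pad
    sample = struct.pack("!8I", 1, 1, 1, 1, 0, 1, 2, 1) + struct.pack("!2I", 1, len(rec)) + rec
    head = struct.pack("!2I4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 0, 1)
    return head + struct.pack("!2I", 1, len(sample)) + sample
```

The length check in `split_custom` matters in practice: an agent only exports the first part of each sampled packet, so a layout needing 78 bytes before the data cannot be decoded if the agent's sampled header size is configured smaller than that.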