Re: [PATCH] print-sflow.c - actually print more

[Rick Jones <rick.jones2 () hp com>]

Either I fumbled trying the patch or something else has gone amis
because with a freshly cloned tcpdump, and a new set of sflows I get
output like:

raj@tardy:~/tcpdump$ ./tcpdump -r /tmp/sflow.pcap -vvv
reading from file /tmp/sflow.pcap, link-type EN10MB (Ethernet)
16:45:18.468863 IP (tos 0x0, ttl 64, id 48091, offset 0, flags [none],
proto UDP (17), length 1232)
    the-switch.54321 > z400.sflow: [udp sum ok] sFlowv5, IPv4 agent
the-switch, agent-id 0, seqnum 5908, uptime 2294190, samples 6, length
1204
        flow sample (1), length 208,
        flow sample (1), length 148,
        flow sample (1), length 208,
        flow sample (1), length 148,
        flow sample (1), length 208,
        flow sample (1), length 208,

...

16:47:41.409631 IP (tos 0x0, ttl 64, id 49088, offset 0, flags [none],
proto UDP (17), length 1348)
    the-switch.54321 > z400.sflow: [udp sum ok] sFlowv5, IPv4 agent
the-switch, agent-id 0, seqnum 6903, uptime 2437130, samples 7, length
1320
        flow sample (1), length 208,
        flow sample (1), length 148,
        flow sample (1), length 208,
        counter sample (2), length 168,
        counter sample (2), length 168,
        counter sample (2), length 168,
        counter sample (2), length 168,

when I was expecting something rather more verbose.  I've uploaded the
pcap file to ftp://ftp.netperf.org/netperf/misc/sflow.pcap.gz . This
time it is from a completely private switch doing nothing but sending
sflow counters and configured for some flow samples while I was running
a single instance of netperf through it.

rick jones

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.