I believe each vendor may use their own implementation of cflowd v8
aggregates to conserve output. From Cisco's website at:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
... snip snip ...
NetFlow Export Version 8 Header Format

    ushort version;        /* Current version */
    ushort count;          /* The number of records in PDU. */
    ulong  SysUptime;      /* Current time in msecs since router booted */
    ulong  unix_secs;      /* Current seconds since 0000 UTC 1970 */
    ulong  unix_nsecs;     /* Residual nanoseconds since 0000 UTC 1970 */
    ulong  flow_sequence;  /* Seq counter of total flows seen */
    uchar  engine_type;    /* Type of flow switching engine */
    uchar  engine_id;      /* Slot number of the flow switching engine */
    uchar  aggregation;    /* Aggregation method being used */
    uchar  agg_version;    /* Version of the aggregation export=2 */

... snip snip ...
Short of sniffing the traffic I wasn't able to locate Juniper's header
format on their website though it may be well placed somewhere. You may
also be able to perform a trace and gather what the header looks like from
the log file. Help on how to do this is available at (v5):
http://www.juniper.net/techpubs/software/junos44/swconfig44-interfaces/html/sampling-config11.html
-- steve
-----Original Message-----
From: Mark Fullmer [mailto:maf@eng.oar.net]
Sent: Tuesday, June 12, 2001 6:44 PM
To: juniper-nsp@puck.nether.net
Subject: NetFlow export packet formats
Is there documentation for the flow export packet formats used by Juniper?
Version 5 looks to be the same as Cisco. Version 8 uses a different
aggregation version than exports from a Cisco router.
(sorry if this is a duplicate message, the mailing list dropped me
yesterday)
mark
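
Added example, not part of the original messages or of either vendor's code: a Python parser for the fields listed in the header excerpt above, which reports the aggregation and agg_version bytes so that exports from different routers can be compared. The function names and both sample datagrams are constructed for illustration; the expected agg_version of 2 is taken from the comment in the excerpt.

```python
import struct

# Fields in the order given in the quoted header excerpt. NetFlow export
# packets use network (big-endian) byte order; ushort = 2 bytes, ulong = 4.
V8_HEADER = struct.Struct("!HHIIIIBBBB")
FIELDS = ("version", "count", "SysUptime", "unix_secs", "unix_nsecs",
          "flow_sequence", "engine_type", "engine_id", "aggregation",
          "agg_version")


def parse_v8_header(datagram):
    """Decode the listed header fields; bytes after them are ignored."""
    if len(datagram) < V8_HEADER.size:
        raise ValueError("short datagram: %d bytes" % len(datagram))
    hdr = dict(zip(FIELDS, V8_HEADER.unpack_from(datagram)))
    if hdr["version"] != 8:
        raise ValueError("not a version 8 export: version=%d" % hdr["version"])
    return hdr


def compare_agg_version(datagram, expected=2):
    """Return (aggregation, agg_version, matches_expected) for one datagram."""
    hdr = parse_v8_header(datagram)
    return (hdr["aggregation"], hdr["agg_version"],
            hdr["agg_version"] == expected)


# Constructed sample datagrams (not captured traffic). SAMPLE_B carries an
# arbitrary agg_version of 1 to show a mismatch; it is not an observed value.
SAMPLE_A = V8_HEADER.pack(8, 3, 123456, 992385840, 0, 42, 0, 0, 1, 2) + b"\x00" * 4
SAMPLE_B = V8_HEADER.pack(8, 3, 123456, 992385840, 0, 42, 0, 0, 1, 1) + b"\x00" * 4

if __name__ == "__main__":
    for name, pkt in (("SAMPLE_A", SAMPLE_A), ("SAMPLE_B", SAMPLE_B)):
        agg, ver, ok = compare_agg_version(pkt)
        print("%s: aggregation=%d agg_version=%d matches_expected=%s"
              % (name, agg, ver, ok))
```
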