-
-
Save bluecmd/dd3d13fd6bf70f8b47a11d3452f40396 to your computer and use it in GitHub Desktop.
sFlow 5 sample / payload size inconsistency
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
InMon sFlow | |
Datagram version: 5 | |
Agent address type: IPv4 (1) | |
Agent address: 240.127.1.1 | |
Sub-agent ID: 100000 | |
Sequence number: 368791 | |
SysUptime: 6 days, 20 hours, 19 minutes, 11 seconds (591551010ms) | |
NumSamples: 2 | |
Flow sample, seq 90601 | |
0000 0000 0000 0000 0000 .... .... .... = Enterprise: standard sFlow (0) | |
.... .... .... .... .... 0000 0000 0001 = sFlow sample type: Flow sample (1) | |
Sample length (byte): 184 | |
Sequence number: 90601 | |
0000 0000 .... .... .... .... .... .... = Source ID class: 0 | |
.... .... 0000 0000 0000 0000 0001 0001 = Index: 17 | |
Sampling rate: 1 out of 100000 packets | |
Sample pool: 470165408 total packets | |
Dropped packets: 0 | |
Input interface (ifIndex): 17 | |
Output interface: 0x0000000d | |
Flow record: 1 | |
Raw packet header | |
0000 0000 0000 0000 0000 .... .... .... = Enterprise: standard sFlow (0) | |
Format: Raw packet header (1) | |
Flow data length (byte): 144 | |
Header protocol: Ethernet (1) | |
Frame Length: 132 | |
Payload removed: 4 | |
Original packet length: 128 | |
Header of sampled packet: … | |
Ethernet II, Src: Cisco_1a:36:f7 (b0:8b:cf:1a:36:f7), Dst: JuniperN_bb:89:cb (fc:96:43:bb:89:cb) | |
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 1991 | |
Internet Protocol Version 4, Src: X.Y.Z.A, Dst: X.Y.Z.B | |
0100 .... = Version: 4 | |
.... 0101 = Header Length: 20 bytes (5) | |
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) | |
Total Length: 1480 | |
Identification: 0xd6a9 (54953) | |
Flags: 0x00 | |
Fragment Offset: 0 | |
Time to Live: 63 | |
Protocol: UDP (17) | |
Header Checksum: 0x87fa [validation disabled] | |
[Header checksum status: Unverified] | |
Source Address: X.Y.Z.A | |
Destination Address: X.Y.Z.B | |
User Datagram Protocol, Src Port: 61580, Dst Port: 9930 | |
Source Port: 61580 | |
Destination Port: 9930 | |
Length: 1460 | |
Checksum: 0xcaff [unverified] | |
[Checksum Status: Unverified] | |
[Stream index: 7] | |
UDP payload (82 bytes) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment