
Can Wireshark convert sFlow packets to "normal" traffic?

Hi,

I have set up sFlow to send traffic to a server. I started Wireshark, hoping that I could start analyzing the packets, only to find out that Wireshark doesn't extract the data from the sFlow. It only shows the actual sFlow packet. How can I extract/convert the data to look like normal data?

Lars Arnth
asked 2020-08-19 09:14:14 +0000

Comments

What would "normal data" be? Are you looking for collector stats or something else?
(Note to future readers: the presentation @grahamb linked to shows wireshark-ntop, which includes a Lua plugin for Wireshark to display collector stats.)

Chuckc (2020-08-19 14:13:14 +0000)

1 Answer

1

I think you have a misunderstanding of sFlow; it's a sampling of traffic and does not contain the entire traffic flow.

See the SharkFest US 18 presentation from Simone Mainardi on "sFlow: Theory and Practice of a Sampling Technology" for more info, particularly the slides on when sFlow is not useful.

grahamb
answered 2020-08-19 09:43:32 +0000
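
An added illustration for this thread (not code from either poster or from Wireshark): a sketch of what can be recovered from sFlow v5 datagrams, namely the truncated header of each sampled packet, written to a pcap that Wireshark opens as Ethernet. The function names and the sample datagram are constructed for the example, and only Ethernet raw-header records are handled.

```python
import struct

def sampled_headers(datagram: bytes):
    """Yield (sampling_rate, original_frame_len, header_bytes) for every
    Ethernet raw-header record in one sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("only sFlow v5 is handled")
    off = 8 + (4 if addr_type == 1 else 16)   # agent address: IPv4 or IPv6
    off += 12                                 # sub-agent id, sequence, uptime
    (n_samples,) = struct.unpack_from("!I", datagram, off)
    off += 4
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        body = datagram[off + 8:off + 8 + length]
        off += 8 + length
        if tag not in (1, 3):                 # counter samples carry no packets
            continue
        # tag 3 is the expanded flow sample, whose id fields are wider
        (rate,) = struct.unpack_from("!I", body, 12 if tag == 3 else 8)
        pos = 40 if tag == 3 else 28
        (n_records,) = struct.unpack_from("!I", body, pos)
        pos += 4
        for _ in range(n_records):
            rtag, rlen = struct.unpack_from("!II", body, pos)
            rec = body[pos + 8:pos + 8 + rlen]
            pos += 8 + rlen
            if rtag != 1:                     # 1 = raw packet header record
                continue
            proto, frame_len, _stripped, hlen = struct.unpack_from("!4I", rec, 0)
            if proto == 1:                    # 1 = Ethernet
                yield rate, frame_len, rec[16:16 + hlen]

def to_pcap(datagrams) -> bytes:
    """Classic pcap, Ethernet link type. sFlow carries no wall-clock time, so
    timestamps are 0; captured length is the header, original length the frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for d in datagrams:
        for _rate, frame_len, hdr in sampled_headers(d):
            out += struct.pack("<IIII", 0, 0, len(hdr), frame_len) + hdr
    return out

def build_demo_datagram() -> bytes:
    """Constructed sample: 1-in-512 sampling, first 16 bytes of a 1514-byte frame."""
    hdr = bytes.fromhex("ffffffffffff02000000000108004500")
    rec = struct.pack("!4I", 1, 1514, 4, len(hdr)) + hdr
    flow = struct.pack("!8I", 7, 3, 512, 51200, 0, 1, 2, 1)
    flow += struct.pack("!II", 1, len(rec)) + rec
    return (struct.pack("!II4s4I", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 1)
            + struct.pack("!II", 1, len(flow)) + flow)
```

Each record in the resulting file has a captured length shorter than its on-wire length, and only one in every `sampling_rate` packets is present at all, so the output is a set of header snapshots rather than a reconstruction of the original traffic.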