Hello everyone!
I'm decoding a NetFlow stream; here's an example:
Cisco NetFlow/IPFIX
Version: 10
Length: 380
Timestamp: Jan 2, 2024 14:21:25.000000000 RTZ 2 (winter)
ExportTime: 1704194485
FlowSequence: 2793787977
Observation Domain Id: 524288
Set 1 [id=256] (4 flows)
FlowSet Id: (Data) (256)
FlowSet Length: 364
[Template Frame: 1521 (received after this frame)]
Flow 1
SrcAddr: 23.109.245.252
DstAddr: 85.143.64.233
IP ToS: 0x00
Protocol: TCP (6)
SrcPort: 443 (443)
DstPort: 58194 (58194)
ICMP Type: 0x0000
InputInt: 789
Vlan Id: 701
SrcMask: 24
DstMask: 20
SrcAS: 39134
DstAS: 5567
NextHop: 194.85.43.229
TCP Flags: 0x10, ACK
00.. .... = Reserved: 0x0
..0. .... = URG: Not used
...1 .... = ACK: Used
.... 0... = PSH: Not used
.... .0.. = RST: Not used
.... ..0. = SYN: Not used
.... ...0 = FIN: Not used
OutputInt: 836
MinTTL: 62
MaxTTL: 62
Flow End Reason: Active timeout (2)
IPVersion: 4
BGPNextHop: 194.85.40.19
Direction: Unknown (255)
Dot1q Vlan Id: 0
Dot1q Customer Vlan Id: 0
fragIdent: 0
Octets: 1500
Packets: 1
[Duration: 0.000000000 seconds (milliseconds)]
StartTime: Jan 2, 2024 14:20:24.064000000 RTZ 2 (winter)
EndTime: Jan 2, 2024 14:20:24.064000000 RTZ 2 (winter)
Flow 2
Flow 3
Flow 4
I would like to additionally decode the "Observation Domain Id" field, which has ElementID 149.
How can this be configured?
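In IPFIX (RFC 7011) the Observation Domain ID is a 32-bit field of the 16-byte message header, which is where the capture above lists it (524288), so a decoder can read it once per message and attach it to every set in that message. The sketch below is an added example, not part of the original post and not the code of any particular collector; the function names are hypothetical, and the set body is zero-filled constructed data standing in for the four flow records.

```python
import struct

# RFC 7011 message header: version, length, export time, sequence, observation domain ID
MSG_HDR = struct.Struct("!HHIII")
SET_HDR = struct.Struct("!HH")  # set ID, set length (length includes this header)

def set_kind(set_id: int) -> str:
    if set_id == 2:
        return "template"
    if set_id == 3:
        return "options-template"
    return "data" if set_id >= 256 else "reserved"

def parse_ipfix_message(data: bytes) -> dict:
    """Read the message header and walk the sets, rejecting inconsistent lengths."""
    if len(data) < MSG_HDR.size:
        raise ValueError("truncated IPFIX message header")
    version, length, export_time, sequence, odid = MSG_HDR.unpack_from(data, 0)
    if version != 10:
        raise ValueError(f"not an IPFIX message (version {version})")
    if length < MSG_HDR.size or length > len(data):
        raise ValueError("header length disagrees with datagram size")
    sets, offset = [], MSG_HDR.size
    while offset < length:
        if length - offset < SET_HDR.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HDR.unpack_from(data, offset)
        if set_len < SET_HDR.size or offset + set_len > length:
            raise ValueError("set length runs past end of message")
        # Every record in this set belongs to the domain named in the header.
        sets.append({"set_id": set_id, "kind": set_kind(set_id), "length": set_len,
                     "observation_domain_id": odid})
        offset += set_len
    return {"version": version, "length": length, "export_time": export_time,
            "sequence": sequence, "observation_domain_id": odid, "sets": sets}

def build_sample() -> bytes:
    """Constructed message: header and set header values from the capture above,
    with a zero-filled body standing in for the four flow records."""
    return (MSG_HDR.pack(10, 380, 1704194485, 2793787977, 524288)
            + SET_HDR.pack(256, 364) + bytes(360))

if __name__ == "__main__":
    msg = parse_ipfix_message(build_sample())
    print(msg["observation_domain_id"], msg["sets"])
```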