03-05-2010 03:46 AM - edited 03-11-2019 10:17 AM
Hi,
When we export NSEL from Cisco ASA, we have seen some additional field types: 7233, 7235 and 7237. These fields are not defined in the Cisco ASA NSEL implementation notes.
What do these fields refer to?
Thanks
Raj
03-05-2010 10:50 AM
I think you are using Wireshark to view NSEL files. Wireshark does not parse and present the V9 packets correctly. You should use Ethereal, where you do not face this issue.
If you can only use Wireshark, then see the corresponding hexadecimal value in Wireshark for the selected component. For 7233, the corresponding hexadecimal value you would see is 9c 41.
0x9c41 is decimal 40001. 40001 refers to NF_F_XLATE_SRC_ADDR_IPV4 as per this doc: http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html
Senthil
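The hex-to-decimal check described in the reply above, as an added example that is not part of the original thread: a minimal NetFlow v9 template FlowSet parser that reads each field type as a full 16-bit value and prints it next to the same value with the top bit cleared. The sample bytes, template ID and field lengths are constructed; that 7233, 7235 and 7237 equal the full values with the top bit cleared is arithmetic on the numbers in the question, not a statement from Cisco's document.

```python
import struct

# Only name given in the thread (from the Cisco ASA NSEL document linked there).
KNOWN = {40001: "NF_F_XLATE_SRC_ADDR_IPV4"}

def parse_template_flowset(data: bytes) -> dict:
    """Parse one NetFlow v9 template FlowSet (FlowSet ID 0).

    Returns {template_id: [(field_type, field_length), ...]}.
    """
    if len(data) < 4:
        raise ValueError("FlowSet header truncated")
    flowset_id, length = struct.unpack_from("!HH", data, 0)
    if flowset_id != 0:
        raise ValueError("not a template FlowSet")
    if length < 4 or length > len(data):
        raise ValueError("FlowSet length does not fit the buffer")
    templates, off = {}, 4
    while off + 4 <= length:
        template_id, count = struct.unpack_from("!HH", data, off)
        if template_id < 256:          # IDs below 256 are reserved: treat as padding
            break
        off += 4
        if off + 4 * count > length:
            raise ValueError("template record truncated")
        # Each field is two unsigned 16-bit big-endian integers: type, length.
        templates[template_id] = [
            struct.unpack_from("!HH", data, off + 4 * i) for i in range(count)
        ]
        off += 4 * count
    return templates

def describe(field_type: int) -> tuple:
    """(wire bytes in hex, full 16-bit value, value with top bit cleared, name)."""
    wire = struct.pack("!H", field_type).hex(" ")
    return wire, field_type, field_type & 0x7FFF, KNOWN.get(field_type, "unknown")

# Constructed sample: template 256 with three 4-byte fields whose types are the
# numbers from the question with the top bit set (7233 | 0x8000 == 40001, ...).
FIELD_TYPES = [n | 0x8000 for n in (7233, 7235, 7237)]
SAMPLE = (struct.pack("!HHHH", 0, 4 + 4 + 4 * len(FIELD_TYPES), 256, len(FIELD_TYPES))
          + b"".join(struct.pack("!HH", t, 4) for t in FIELD_TYPES))

if __name__ == "__main__":
    for tid, fields in parse_template_flowset(SAMPLE).items():
        for ftype, flen in fields:
            print(tid, flen, *describe(ftype))
```

When a collector or dissector reports a field type that is not in the exporter's documentation, comparing the raw two bytes against the documented decimal values is a quick way to tell a decoding problem from a genuinely undocumented field.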
03-30-2013 04:07 AM
Hello Raj,
Those elements (7233, 7235 and 7237) are defined in Scrutinizer NetFlow Analyzer. NSEL does some unique things with NetFlow v9.