04-01-2020 06:27 PM
hi experts, hope you are doing well
we have stealthwatch working fine, but in sometimes we stop receiveing flows in the flow collector
after capturing traffic, i see cflow packets, but it shows like malformed, what could be the reason to this?
and a healthy traffic captured it shows all the flows and i can see the ip address and ports
but with the malformed pcap, it doesnt show any ip-port information, i post the wireshak info, can you give me some guidance please, it receives data from ASA contexts,
Solved! Go to Solution.
04-01-2020 08:10 PM
Please open TAC case with the whole pcap file and reproduce the procedure.
TAC team can help to analyze this issue. It looks FC can't understand Expert Info section. If this is as designed, FC or ASA side should change this flow format. TAC team can analyze and search this is an expected issue or defect.
04-01-2020 08:10 PM
Please open TAC case with the whole pcap file and reproduce the procedure.
TAC team can help to analyze this issue. It looks FC can't understand Expert Info section. If this is as designed, FC or ASA side should change this flow format. TAC team can analyze and search this is an expected issue or defect.
04-01-2020 08:33 PM
Additionally, I search "no template found" and get the pcap side issue. It means Wireshark doesn't understand that field.
This issue includes many factors to analyze. So please open TAC case.
04-02-2020 03:27 AM
04-02-2020 03:29 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide