How to modify and collect custom protocols？

[tongchenqiang]

Hello, I have installed host sflow in Centos6 and I would like to use it to collect custom protocols. The first 14 bytes of the custom protocol packet structure are the source MAC address and destination MAC address, as well as the 2 bytes protocol label. Next, there are 44 bytes of other content, followed by 20 bytes of content containing the source IP and destination IP. When I use the flow render app and choose ipsource and ipdestination, I cannot see the content. How should I modify the source code?

[sflow]

It sounds like you just need an sFlow collector that will decode these packets. I am not familiar with the "flow render" app. Which tool is that? (Are you referring to the "browse-flows" app in sFlow-RT?)

If you capture some of the sFlow datagrams to a .pcap file and then open the .pcap file in Wireshark it should decode the sampled headers for you. That would tell you what needs to happen in the sFlow collector you are using. Please share details here.

[tongchenqiang]

Sorry, it should be the "flow-trend" app in Sflow-Rt. I want to know how to capture some of the sFlow datagrams to a .pcap file？Can you help me?Thank you!

[sflow]

Something like:

sudo tcpdump -i any -s 0 -c 10 -w sflow.pcap udp port 6343

[tongchenqiang]

Thank you!