[IPFIX] Question regarding packet capturing with IPFIX

Prashant Upadhyaya <prashant.upadhyaya@aricent.com> Fri, 10 April 2015 05:33 UTC

Return-Path: <prashant.upadhyaya@aricent.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id BEEEF1A6FFF for <ipfix@ietfa.amsl.com>; Thu, 9 Apr 2015 22:33:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.712
X-Spam-Status: No, score=-0.712 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id E3EoENYGx_G6 for <ipfix@ietfa.amsl.com>; Thu, 9 Apr 2015 22:33:11 -0700 (PDT)
Received: from jaguar.aricent.com (jaguar.aricent.com []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 580441A6EFC for <ipfix@ietf.org>; Thu, 9 Apr 2015 22:33:11 -0700 (PDT)
Received: from jaguar.aricent.com (unknown []) by IMSVA (Postfix) with ESMTP id 92EF921A4B6 for <ipfix@ietf.org>; Fri, 10 Apr 2015 11:03:08 +0530 (IST)
Received: from GURCASV01.AD.ARICENT.COM (unknown []) by jaguar.aricent.com (Postfix) with ESMTPS id 779F221A491 for <ipfix@ietf.org>; Fri, 10 Apr 2015 11:03:08 +0530 (IST)
Received: from GURMBXV02.AD.ARICENT.COM ( by GURMBXV03.AD.ARICENT.COM ( with Microsoft SMTP Server (TLS) id 15.0.847.32; Fri, 10 Apr 2015 11:03:06 +0530
Received: from GURMBXV02.AD.ARICENT.COM ([]) by GURMBXV02.AD.ARICENT.COM ([]) with mapi id 15.00.0847.030; Fri, 10 Apr 2015 11:03:06 +0530
From: Prashant Upadhyaya <prashant.upadhyaya@aricent.com>
To: "ipfix@ietf.org" <ipfix@ietf.org>
Thread-Topic: Question regarding packet capturing with IPFIX
Thread-Index: AdBzT4DkarROHuwfSsaYZ9X6lSAFtA==
Date: Fri, 10 Apr 2015 05:33:05 +0000
Message-ID: <3280fb63009e499dbdeeceeb1049f06f@GURMBXV02.AD.ARICENT.COM>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_3280fb63009e499dbdeeceeb1049f06fGURMBXV02ADARICENTCOM_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipfix/9UQQ3D1grEnOlbMYdoIVwoqVwp8>
Subject: [IPFIX] Question regarding packet capturing with IPFIX
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 05:34:57 -0000


We can sample an IP flow with IPFix.
My question is that when a packet is picked up in the sampling in IPFix, can I take that full packet out and export it outside for analysis or only a certain number of bytes of that packet as an upper limit.
Eg. when using sFlow, the sampled packet's maximum number of bytes captured is 256.


"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."