[unisog] CISCO NetFlow
H. Morrow Long
morrow.long at yale.edu
Wed Sep 17 19:35:38 GMT 2003
ICMP has a message type and subtype rather than port #s.
In Netflow the port column when interpreted for ICMP is
a combination of the ICMP Message type code and subtype
encoded as the destination port (e.g. in 0x800 you would
see ICMPMessage Type 8 which is an ICMP Echo (request)).
For more on the OSU netflow tools see :
kamal hilmi othman wrote:
> Just curios , does anyone knows abt this ?
> SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP
> DstP Pkts
> Se3/0.16 10.1.10.1 Fa4/0 192.168.10.1 01 0000
> 0800 650
> Pr == Protocol
> DstP == Destination IP
> as of above ;
> converting 0800 to decimal is 2048 , not as everyone in this list aware
> that icmp has a port!
More information about the unisog