Re: [Nfsen-discuss] ICMP "port"?
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] ICMP "port"?
|
From: Peter H. <ha...@sw...> - 2006-08-16 06:11:38
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Gabor, All nfdump stable versions report ICMP flows including port information. src port is always 0 dst port includes icmp type/code with type in the high oder byte, code in the lower order byte. Starting with snapshot 20060614 icmp type/code is decoded in printed as 'type:code' nfdump-stable: 127.0.0.1:0 -> 127.0.0.2:771 nfdump-snapshots: 127.0.0.1:0 -> 127.0.0.2 3:1 - Peter - -------- Original Message -------- From: Kiss Gabor <ki...@ss...> To: nfs...@li... Subject: [Nfsen-discuss] ICMP "port"? Date: Tue Aug 15 2006 08:25:08 GMT+0200 (CEST) > An nfdump question (off topic a bit): > > What is the "port number" in nfdump output in case of an ICMP flow? > > Date flow start Duration Proto Src IP Addr:Port > Dst IP Addr:Port Packets Bytes Flows > 2006-08-14 10:09:45.751 0.000 ICMP xxx.x.xx.xx:0 -> > 10.255.255.55:2048 1 84 1 > > It can not be the ICMP type because that is 8 bit length only. > > Gabor > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Nfsen-discuss mailing list > Nfs...@li... > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: pet...@sw... Web: http://www.switch.ch/security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBROK3D/5AbZRALNr/AQJw0gQAmN9I9mha7OhrSGDGMaPY8EcCV2n8Xtp2 vSlISXXPWSUCHsWU/RQcjdNXoHP6xMr3PXI6dJInOo+tkahqN481hYn0hFY4Buy/ 3FPXZFcTNA5aQuKEDVFUI1PWrsasOw2B/76ppOZUevULb6qv8dV+w8mQhxMDc49s 8gURFqToeOI= =bD1k -----END PGP SIGNATURE----- |
