Security Basics mailing list archives

about netflow result(icmp type & code)


From: "Monty Ree" <chulmin2 () hotmail com>
Date: Mon, 09 Aug 2004 05:48:20 +0000

Hello, all.

I would like to ask something about NetFlow.

According to this site, http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

I can monitor icmp echo request(type 8 code 0) like below,
Router>show ip cache flow | include 0000 0800
   SrcIf      SrcIPaddress    DstIf    DstIPaddress  Pr SrcP DstP Pkts
   Fa2/0      XX.XX.XX.242    Fa1/0    XX.XX.XX.119  01 0000 0800    1
   Fa2/0      XX.XX.XX.242    Fa1/0    XX.XX.XX.169  01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.63   01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.111  01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.95   01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.79   01 0000 0800    1

In this result, src port: 0000, dst port: 0800.
Then, does src port mean "icmp code" and dst port mean "icmp type"?

For example, Host Unreachable is type 3 code 1.
Then, how can I find this ICMP Host Unreachable?
"show ip cache flow | include 0001 0300" or not?

Surely, I know that ICMP has no ports, but type and code.


Thanks in advance.
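
Added example (not part of the original post or of the Cisco notice it links): in NetFlow records for ICMP (Pr 01) the SrcP field is 0000 and DstP carries the ICMP type in its high byte and the code in its low byte, which is why echo request (type 8, code 0) shows as 0800. The Python below decodes that field from `show ip cache flow` output and builds the string to match for a given type and code; the sample rows, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `show ip cache flow`; the addresses are
# documentation-range placeholders, not values from the post.
SAMPLE = """\
SrcIf      SrcIPaddress    DstIf    DstIPaddress   Pr SrcP DstP Pkts
Fa2/0      192.0.2.242     Fa1/0    198.51.100.119 01 0000 0800    1
Fa2/0      192.0.2.204     Fa1/0    198.51.100.63  01 0000 0800    3
Fa1/0      198.51.100.1    Fa2/0    192.0.2.204    01 0000 0301    2
Fa2/0      192.0.2.10      Fa1/0    198.51.100.80  06 0C2A 0050   12
"""

# Eight columns; Pr, SrcP and DstP are displayed in hex, so the header fails to match.
FLOW_RE = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)\s*$"
)

# A few common (type, code) pairs; anything else is reported as "other".
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, 0): "network unreachable",
    (3, 1): "host unreachable",
    (3, 3): "port unreachable",
    (8, 0): "echo request",
    (11, 0): "TTL exceeded in transit",
}

def decode_icmp(dstp_hex):
    """Split the 16-bit DstP value into (type, code): high byte, low byte."""
    value = int(dstp_hex, 16)
    return value >> 8, value & 0xFF

def include_pattern(icmp_type, icmp_code):
    """String to look for in the SrcP/DstP columns for one ICMP type/code."""
    return "0000 %02X%02X" % (icmp_type, icmp_code)

def icmp_flows(text):
    """Return decoded ICMP flows; the header and non-ICMP rows are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m or int(m.group(5), 16) != 1:  # Pr 01 = ICMP
            continue
        t, c = decode_icmp(m.group(7))
        flows.append({"src": m.group(2), "dst": m.group(4), "type": t, "code": c,
                      "name": ICMP_NAMES.get((t, c), "other"), "pkts": int(m.group(8))})
    return flows

if __name__ == "__main__":
    for flow in icmp_flows(SAMPLE):
        print(flow)
    print(include_pattern(3, 1))
```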
