Home page logo
/

basics logo Security Basics mailing list archives

about netflow result(icmp type & code)
From: "Monty Ree" <chulmin2 () hotmail com>
Date: Mon, 09 Aug 2004 05:48:20 +0000

Hello, all.

I would like to ask some about netflow.

According to this site, http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml

I can monitor icmp echo request(type 8 code 0) like below,
Router>show ip cache flow | include 0000 0800
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Fa2/0 XX.XX.XX.242 Fa1/0 XX.XX.XX.119 01 0000 0800 1
   Fa2/0      XX.XX.XX.242    Fa1/0    XX.XX.XX.169  01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.63   01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.111  01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.95   01 0000 0800    1
   Fa2/0      XX.XX.XX.204    Fa1/0    XX.XX.XX.79   01 0000 0800    1

At this result, src port: 0000, dstp port: 0800.
Then, src port means "icmp code" and dst port means "icmp type" ?

For example, Host Unreachable is type 3 code 1,
Then,How can I find this icmp Host Unreachable ?
"show ip cache flow | include 0001 0300" or not?

Surely, I know that icmp has no port bu, type and code.


Thanks in advance.

_________________________________________________________________
행운의 주인공이 이번엔 나일꺼야, 진짜루... 인터넷 복권 http://www.msn.co.kr/money/interlotto/

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • about netflow result(icmp type & code) Monty Ree (Aug 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]