|
Security Basics
mailing list archives
about netflow result(icmp type & code)
From: "Monty Ree" <chulmin2 () hotmail com>
Date: Mon, 09 Aug 2004 05:48:20 +0000
Hello, all.
I would like to ask some about netflow.
According to this site,
http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
I can monitor icmp echo request(type 8 code 0) like below,
Router>show ip cache flow | include 0000 0800
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa2/0 XX.XX.XX.242 Fa1/0 XX.XX.XX.119 01 0000 0800 1
Fa2/0 XX.XX.XX.242 Fa1/0 XX.XX.XX.169 01 0000 0800 1
Fa2/0 XX.XX.XX.204 Fa1/0 XX.XX.XX.63 01 0000 0800 1
Fa2/0 XX.XX.XX.204 Fa1/0 XX.XX.XX.111 01 0000 0800 1
Fa2/0 XX.XX.XX.204 Fa1/0 XX.XX.XX.95 01 0000 0800 1
Fa2/0 XX.XX.XX.204 Fa1/0 XX.XX.XX.79 01 0000 0800 1
At this result,
src port: 0000, dstp port: 0800.
Then, src port means "icmp code" and dst port means "icmp type" ?
For example, Host Unreachable is type 3 code 1,
Then,How can I find this icmp Host Unreachable ?
"show ip cache flow | include 0001 0300" or not?
Surely, I know that icmp has no port bu, type and code.
Thanks in advance.
_________________________________________________________________
행운의 주인공이 이번엔 나일꺼야, 진짜루... 인터넷 복권
http://www.msn.co.kr/money/interlotto/
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- about netflow result(icmp type & code) Monty Ree (Aug 09)
|
