The destination port is the ICMP type.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Tuesday, July 13, 2010 8:15 AM To: [email protected] Subject: [OSL | CCIE_Security] netflow O/P for icmp and other non tcp/udp Hi all What will be the source and destination port for non-TCP/UDP flows. For instance, if you look below - first O/P is for ICMP request and the second O/P is for ICMP reply. router2#sh ip cache flow IP packet size distribution (117476 total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000 .000 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 IP Flow Switching Cache, 278544 bytes 2 active, 4094 inactive, 59946 added 1080909 ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, 25800 bytes 4 active, 1020 inactive, 73509 added, 59844 added to flow 0 alloc failures, 0 force free 1 chunk, 2 chunks added last clearing of statistics never Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-Telnet 111 0.0 90 41 0.0 22.5 14.0 TCP-FTP 19 0.0 1 60 0.0 0.0 15.3 TCP-WWW 19 0.0 3 50 0.0 0.2 1.5 TCP-other 134 0.0 1 66 0.0 0.0 15.5 UDP-DNS 34112 0.0 1 84 0.0 0.0 15.4 UDP-TFTP 3051 0.0 7 49 0.0 29.8 15.4 UDP-other 9979 0.0 3 138 0.0 2.1 15.4 ICMP 12519 0.0 1 152 0.0 1.5 15.0 Total: 59944 0.1 1 99 0.2 2.2 15.3 SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0800 15 router2#ping 10.20.30.41 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.20.30.41, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms router2#sh ip cache flow IP packet size distribution (117497 total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000 .000 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 IP Flow Switching Cache, 278544 bytes 5 active, 4091 inactive, 59950 added 1080960 ager polls, 0 flow alloc failures Active flows timeout in 30 minutes Inactive flows timeout in 15 seconds IP Sub Flow Cache, 25800 bytes 10 active, 1014 inactive, 73517 added, 59848 added to flow 0 alloc failures, 0 force free 1 chunk, 2 chunks added last clearing of statistics never Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow TCP-Telnet 111 0.0 90 41 0.0 22.5 14.0 TCP-FTP 19 0.0 1 60 0.0 0.0 15.3 TCP-WWW 19 0.0 3 50 0.0 0.2 1.5 TCP-other 134 0.0 1 66 0.0 0.0 15.5 UDP-DNS 34112 0.0 1 84 0.0 0.0 15.4 UDP-TFTP 3051 0.0 7 49 0.0 29.8 15.4 UDP-other 9979 0.0 3 138 0.0 2.1 15.4 ICMP 12520 0.0 1 152 0.0 1.5 15.0 Total: 59945 0.1 1 99 0.2 2.2 15.3 SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0000 15 With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
