True Tyson but what about other protocols like ESP, AH, GRE...
Please have look below, for GRE sport/dport is 0000/0000
router#sh ip cache flow
IP packet size distribution (122557 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
480
.000 .380 .247 .057 .142 .062 .050 .059 .000 .000 .000 .000 .000 .000
.000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
18 active, 4078 inactive, 62336 added
1123004 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 25800 bytes
36 active, 988 inactive, 78289 added, 62234 added to flow
0 alloc failures, 0 force free
1 chunk, 2 chunks added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 129 0.0 87 41 0.0 21.5 14.1
TCP-FTP 19 0.0 1 60 0.0 0.0 15.3
TCP-WWW 19 0.0 3 50 0.0 0.2 1.5
TCP-other 135 0.0 1 66 0.0 0.0 15.5
UDP-DNS 35976 0.0 1 83 0.0 0.0 15.4
UDP-TFTP 3119 0.0 7 49 0.0 29.5 15.4
UDP-other 10392 0.0 3 138 0.0 2.2 15.4
ICMP 12527 0.0 1 152 0.0 1.5 15.0
GRE 1 0.0 10 124 0.0 0.8 15.4
IP-other 1 0.0 4 40 0.0 0.0 15.9
Total: 62318 0.1 1 98 0.2 2.2 15.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
Pkts
Gi0/1 10.20.30.41 Local 10.20.30.42 2F 0000 0000
5
With regards
Kings
On Tue, Jul 13, 2010 at 8:14 PM, Tyson Scott <[email protected]> wrote:
> The destination port is the ICMP type.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> Managing Partner / Sr. Instructor - IPexpert, Inc.
>
> Mailto: [email protected]
>
> Telephone: +1.810.326.1444, ext. 208
>
> Live Assistance, Please visit: www.ipexpert.com/chat
>
> eFax: +1.810.454.0130
>
>
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Tuesday, July 13, 2010 8:15 AM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] netflow O/P for icmp and other non
> tcp/udp
>
>
>
> Hi all
>
>
> What will be the source and destination port for non-TCP/UDP flows. For
> instance, if you look below - first O/P is for ICMP request and the second
> O/P is for ICMP reply.
>
>
> router2#sh ip cache flow
> IP packet size distribution (117476 total packets):
> 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
> 480
> .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000
> .000
>
> 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
> .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
>
> IP Flow Switching Cache, 278544 bytes
> 2 active, 4094 inactive, 59946 added
> 1080909 ager polls, 0 flow alloc failures
> Active flows timeout in 30 minutes
> Inactive flows timeout in 15 seconds
> IP Sub Flow Cache, 25800 bytes
> 4 active, 1020 inactive, 73509 added, 59844 added to flow
> 0 alloc failures, 0 force free
> 1 chunk, 2 chunks added
> last clearing of statistics never
> Protocol Total Flows Packets Bytes Packets Active(Sec)
> Idle(Sec)
> -------- Flows /Sec /Flow /Pkt /Sec /Flow
> /Flow
> TCP-Telnet 111 0.0 90 41 0.0 22.5
> 14.0
> TCP-FTP 19 0.0 1 60 0.0 0.0
> 15.3
> TCP-WWW 19 0.0 3 50 0.0 0.2
> 1.5
> TCP-other 134 0.0 1 66 0.0 0.0
> 15.5
> UDP-DNS 34112 0.0 1 84 0.0 0.0
> 15.4
> UDP-TFTP 3051 0.0 7 49 0.0 29.8
> 15.4
> UDP-other 9979 0.0 3 138 0.0 2.1
> 15.4
> ICMP 12519 0.0 1 152 0.0 1.5
> 15.0
> Total: 59944 0.1 1 99 0.2 2.2
> 15.3
>
> SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
> Pkts
> Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0800
> 15
>
>
>
> router2#ping 10.20.30.41
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.20.30.41, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
> router2#sh ip cache flow
> IP packet size distribution (117497 total packets):
> 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448
> 480
> .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000
> .000
>
> 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
> .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
>
> IP Flow Switching Cache, 278544 bytes
> 5 active, 4091 inactive, 59950 added
> 1080960 ager polls, 0 flow alloc failures
> Active flows timeout in 30 minutes
> Inactive flows timeout in 15 seconds
> IP Sub Flow Cache, 25800 bytes
> 10 active, 1014 inactive, 73517 added, 59848 added to flow
> 0 alloc failures, 0 force free
> 1 chunk, 2 chunks added
> last clearing of statistics never
> Protocol Total Flows Packets Bytes Packets Active(Sec)
> Idle(Sec)
> -------- Flows /Sec /Flow /Pkt /Sec /Flow
> /Flow
> TCP-Telnet 111 0.0 90 41 0.0 22.5
> 14.0
> TCP-FTP 19 0.0 1 60 0.0 0.0
> 15.3
> TCP-WWW 19 0.0 3 50 0.0 0.2
> 1.5
> TCP-other 134 0.0 1 66 0.0 0.0
> 15.5
> UDP-DNS 34112 0.0 1 84 0.0 0.0
> 15.4
> UDP-TFTP 3051 0.0 7 49 0.0 29.8
> 15.4
> UDP-other 9979 0.0 3 138 0.0 2.1
> 15.4
> ICMP 12520 0.0 1 152 0.0 1.5
> 15.0
> Total: 59945 0.1 1 99 0.2 2.2
> 15.3
>
> SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP
> Pkts
> Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0000
> 15
>
>
> With regards
> Kings
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
