Correct Tyson. I was wondering why for ICMP alone which doesn't have source port/destination, the IOS is using Type value...
With regards Kings On Tue, Jul 13, 2010 at 9:46 PM, Tyson Scott <[email protected]> wrote: > Other IP protocols will never have a source destination port because > there is no concept of it. > > > > That is why ESP is not supported by NAT/PAT and you need to enable NAT-T so > that it will run over port 4500. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* Kingsley Charles [mailto:[email protected]] > *Sent:* Tuesday, July 13, 2010 11:16 AM > *To:* Tyson Scott > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] netflow O/P for icmp and other non > tcp/udp > > > > True Tyson but what about other protocols like ESP, AH, GRE... > > Please have look below, for GRE sport/dport is 0000/0000 > > router#sh ip cache flow > IP packet size distribution (122557 total packets): > 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 > 480 > .000 .380 .247 .057 .142 .062 .050 .059 .000 .000 .000 .000 .000 .000 > .000 > > 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 > .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 > > IP Flow Switching Cache, 278544 bytes > 18 active, 4078 inactive, 62336 added > 1123004 ager polls, 0 flow alloc failures > Active flows timeout in 30 minutes > Inactive flows timeout in 15 seconds > IP Sub Flow Cache, 25800 bytes > 36 active, 988 inactive, 78289 added, 62234 added to flow > 0 alloc failures, 0 force free > 1 chunk, 2 chunks added > last clearing of statistics never > Protocol Total Flows Packets Bytes Packets Active(Sec) > Idle(Sec) > -------- Flows /Sec /Flow /Pkt /Sec /Flow > /Flow > TCP-Telnet 129 0.0 87 41 0.0 21.5 > 14.1 > TCP-FTP 19 0.0 1 60 0.0 0.0 > 15.3 > TCP-WWW 19 0.0 3 50 0.0 0.2 > 1.5 > TCP-other 135 0.0 1 66 0.0 0.0 > 15.5 > UDP-DNS 35976 0.0 1 83 0.0 0.0 > 15.4 > UDP-TFTP 3119 0.0 7 49 0.0 29.5 > 15.4 > UDP-other 10392 0.0 3 138 0.0 2.2 > 15.4 > ICMP 12527 0.0 1 152 0.0 1.5 > 15.0 > GRE 1 0.0 10 124 0.0 0.8 > 15.4 > IP-other 1 0.0 4 40 0.0 0.0 > 15.9 > Total: 62318 0.1 1 98 0.2 2.2 > 15.3 > > SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP > Pkts > Gi0/1 10.20.30.41 Local 10.20.30.42 2F 0000 > 0000 5 > > > > With regards > Kings > > On Tue, Jul 13, 2010 at 8:14 PM, Tyson Scott <[email protected]> wrote: > > The destination port is the ICMP type. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Tuesday, July 13, 2010 8:15 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] netflow O/P for icmp and other non > tcp/udp > > > > Hi all > > > What will be the source and destination port for non-TCP/UDP flows. For > instance, if you look below - first O/P is for ICMP request and the second > O/P is for ICMP reply. > > > router2#sh ip cache flow > IP packet size distribution (117476 total packets): > 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 > 480 > .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000 > .000 > > 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 > .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 > > IP Flow Switching Cache, 278544 bytes > 2 active, 4094 inactive, 59946 added > 1080909 ager polls, 0 flow alloc failures > Active flows timeout in 30 minutes > Inactive flows timeout in 15 seconds > IP Sub Flow Cache, 25800 bytes > 4 active, 1020 inactive, 73509 added, 59844 added to flow > 0 alloc failures, 0 force free > 1 chunk, 2 chunks added > last clearing of statistics never > Protocol Total Flows Packets Bytes Packets Active(Sec) > Idle(Sec) > -------- Flows /Sec /Flow /Pkt /Sec /Flow > /Flow > TCP-Telnet 111 0.0 90 41 0.0 22.5 > 14.0 > TCP-FTP 19 0.0 1 60 0.0 0.0 > 15.3 > TCP-WWW 19 0.0 3 50 0.0 0.2 > 1.5 > TCP-other 134 0.0 1 66 0.0 0.0 > 15.5 > UDP-DNS 34112 0.0 1 84 0.0 0.0 > 15.4 > UDP-TFTP 3051 0.0 7 49 0.0 29.8 > 15.4 > UDP-other 9979 0.0 3 138 0.0 2.1 > 15.4 > ICMP 12519 0.0 1 152 0.0 1.5 > 15.0 > Total: 59944 0.1 1 99 0.2 2.2 > 15.3 > > SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP > Pkts > Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0800 > 15 > > > > router2#ping 10.20.30.41 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 10.20.30.41, timeout is 2 seconds: > !!!!! > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms > router2#sh ip cache flow > IP packet size distribution (117497 total packets): > 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 > 480 > .000 .366 .252 .056 .145 .064 .052 .060 .000 .000 .000 .000 .000 .000 > .000 > > 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 > .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 > > IP Flow Switching Cache, 278544 bytes > 5 active, 4091 inactive, 59950 added > 1080960 ager polls, 0 flow alloc failures > Active flows timeout in 30 minutes > Inactive flows timeout in 15 seconds > IP Sub Flow Cache, 25800 bytes > 10 active, 1014 inactive, 73517 added, 59848 added to flow > 0 alloc failures, 0 force free > 1 chunk, 2 chunks added > last clearing of statistics never > Protocol Total Flows Packets Bytes Packets Active(Sec) > Idle(Sec) > -------- Flows /Sec /Flow /Pkt /Sec /Flow > /Flow > TCP-Telnet 111 0.0 90 41 0.0 22.5 > 14.0 > TCP-FTP 19 0.0 1 60 0.0 0.0 > 15.3 > TCP-WWW 19 0.0 3 50 0.0 0.2 > 1.5 > TCP-other 134 0.0 1 66 0.0 0.0 > 15.5 > UDP-DNS 34112 0.0 1 84 0.0 0.0 > 15.4 > UDP-TFTP 3051 0.0 7 49 0.0 29.8 > 15.4 > UDP-other 9979 0.0 3 138 0.0 2.1 > 15.4 > ICMP 12520 0.0 1 152 0.0 1.5 > 15.0 > Total: 59945 0.1 1 99 0.2 2.2 > 15.3 > > SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP > Pkts > Gi0/1 10.20.30.41 Local 10.20.30.42 01 0000 0000 > 15 > > > With regards > Kings > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
