Re: [OSL | CCIE_Security] netflow output

Tue, 07 Feb 2012 21:48:11 -0800 

Seeing Fahad input to the OSL, jJust wanted to add my two cents, by sharing a 
link from blogs.cisco.com. 


http://blogs.cisco.com/security/correlating-netflow-data-for-proactive-security-network-notoriety/



Kamran Shakil
Technical Consultant

P.O. Box: 198 Ruwi, Oman 
T: +968 2416 1111
F: +968 2416 1100
M: +968 9808 4652 
E-mail: [email protected] 


"MDS Oman is a Part of the Midis Group"



-----Original Message-----
From: [email protected] on behalf of Fawad Khan
Sent: Wed 2/8/2012 8:12 AM
To: [email protected]
Subject: [OSL | CCIE_Security] netflow output
 
I was working on some practice labs with regards to various management
protocols. In this lab I applied netflow configs on various routers of
Yousuf Lab1. and 'kind of' realized that in the output of sh ip cache
flow... the protocol number is actually a HEX number and not Decimal
number. same is the case with SrcP and DstP... I am not a big
routing/switching/management person hence dont use netflow very often. So I
wasnt aware of the output to this level...

R1#
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
 Pkts
Fa0/1.1       192.168.4.11    Local         192.168.3.11    32 D94F B960
  6

R4#
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
 Pkts
Fa0/1         192.168.9.3     Null          224.0.0.5       59 0000 0000
159
Fa0/1         192.168.9.10    Null          224.0.0.5       59 0000 0000
156

R6#
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP
 Pkts
Fa0/1.2       192.168.6.10    Local         192.168.6.11    01 0000 0800
 4085
Fa0/1.2       192.168.3.11    Local         192.168.6.11    06 5725 0017
 13

In R1, the protocol is listed as 32, which is 50 in Decimal, hence its
ESP............ R4, its 59 which is 82 in decimal hence OSPF. and on R6 Pr
is 01, which is 01 in Decimal hence its ICMP...then 06 is 06 in decimal,
hence that it sTCP... also DstP is 0017 which is 23 in decimal hence
TELNET.............. Do not take DstP 0017 as IP Protocol 17 which is
UDP... but since its a Hex number 17, which is 23 in decimal..


Just thought of sharing this information with you guys..

The complete IP protocol numbers can be checked at the following link

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml



FNK

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to