Kiss Gabor (Bitman) wrote: > 771 above is actually 3*256+3 that should be written as 3.3. > (Means "destination unreachable"."port unreachable".)
OK, thanks. > However Cisco IOS sometimes sends this info with the source > address and sometimes with the destination address. As this is a NetFlow v9 export, shouldn't the ICMP type and code information be taken out of the ICMP_TYPE field? I think that reporting ICMP type/code information in "fmt:%sp" is misleading. There should be a distinct column in the output for that. I wouldn't want icmp traffic to be added to traffic with TCP/UDP source port 771 using "fmt:%sp". ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
