> > However Cisco IOS sometimes sends this info with the source
> > address and sometimes with the destination address.
>
> As this is a NetFlow v9 export, shouldn't the ICMP type and code
> information be taken out of the ICMP_TYPE field?
>
> I think that reporting ICMP type/code information in "fmt:%sp" is
> misleading. There should be a distinct column in the output for that. I
> wouldn't want icmp traffic to be added to traffic with TCP/UDP source
> port 771 using "fmt:%sp".

At this moment all types of flows (UDP, TCP, ICMP) are displayed
with the same format string.
What is your suggestion?
What should I write instead of this command?

    nfdump <other_options> \
      -o "fmt:%ts %td %pr %sap -> %dap %flg %tos %pkt %byt %fl" \
      'src host 192.168.63.12'

Gabor
_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
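
Added example, not part of the original thread and not nfdump code: one way to post-process flow records so that ICMP type/code gets its own columns and is never counted as TCP/UDP port 771. It assumes the exporter packs the value as type*256+code (the NetFlow ICMP_TYPE convention) into whichever port field it uses; the record layout and the names `normalize` and `source_port_counts` are hypothetical.

```python
from collections import Counter

ICMP = 1  # IANA protocol number for ICMP

# Constructed sample records: (protocol, source port, destination port)
SAMPLE_FLOWS = [
    (1, 0, 771),      # ICMP, packed value exported in the destination port field
    (1, 771, 0),      # ICMP, same packed value exported in the source port field
    (17, 771, 53),    # genuine UDP traffic from source port 771
    (1, 0, 2048),     # ICMP type 8, code 0
    (1, 0, 0),        # ICMP type 0, code 0
    (6, 40000, 443),  # TCP
    (1, 771, 2048),   # ICMP with two different non-zero values: cannot be decoded
]


def normalize(proto, sport, dport):
    """Return a record with ports for TCP/UDP and type/code for ICMP."""
    rec = {"proto": proto, "sport": sport, "dport": dport,
           "icmp_type": None, "icmp_code": None, "ambiguous": False}
    if proto != ICMP:
        return rec
    # ICMP has no ports: blank them so they cannot be aggregated as ports.
    rec["sport"] = rec["dport"] = None
    if sport and dport and sport != dport:
        rec["ambiguous"] = True  # both fields set and they disagree
        return rec
    packed = dport or sport      # take whichever field the exporter filled
    rec["icmp_type"], rec["icmp_code"] = packed >> 8, packed & 0xFF
    return rec


def source_port_counts(flows):
    """Count flows per source port, ignoring ICMP records."""
    counts = Counter()
    for proto, sport, dport in flows:
        rec = normalize(proto, sport, dport)
        if rec["sport"] is not None:
            counts[rec["sport"]] += 1
    return counts


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", normalize(*flow))
    print(source_port_counts(SAMPLE_FLOWS))
```
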