> | from what I understand, the Dst Pt value in ICMP Traffic is Type.Code. > | But how do I search for that in nfsen?
> In 1.5.7 use 'icmp-type 8 and icmp-code 0' Thanks. Another thing I realized is that packets captured as 13:52:26.431390 121.54.66.8 129.x.x.x ICMP Destination unreachable (Port unreachable) and read into nfcapd with fprobe are finally represented as the following flow (read with nfdump): 11.04 ICMP 121.54.66.8 0 129.13.71.249 3.0 [...] Here you can see that the Dst Port is 3.0 meaning ICMP type 3 code 0, whereas it should be (see packet capture output above) type 3 code 3 (Port unreachable). Is that a bug in fprobe or nfdump? -regards, bjoern ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
