-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bjoern Weiland wrote:
|> | from what I understand, the Dst Pt value in ICMP Traffic is Type.Code.
|> | But how do I search for that in nfsen?
|
|> In 1.5.7 use 'icmp-type 8 and icmp-code 0'
|
| Thanks. Another thing I realized is that packets captured as
|
| 13:52:26.431390 121.54.66.8 129.x.x.x ICMP Destination
| unreachable (Port unreachable)
|
| and read into nfcapd with fprobe are finally represented as the
| following flow (read with nfdump):
|
| 11.04 ICMP 121.54.66.8 0 129.13.71.249 3.0 [...]
|
| Here you can see that the Dst Port is 3.0 meaning ICMP type 3 code 0,
| whereas it should be (see packet capture output above) type 3 code 3
| (Port unreachable). Is that a bug in fprobe or nfdump?
Hmm .. I guess this is an fprobe issue. nfdump simply display, what it gets,
and from what I've tested, nfdump gives
correct results.
- Peter
|
| -regards, bjoern
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSIRqif5AbZRALNr/AQINxQP+MCN3ohPaIyNFJ1ahTZN368OCE/kvsn11
yFfM/w8m6/ES/Q6HtMfwDot9fHasszn13GE93KIcHdImChMFEECQ2qpenHEAvZJ1
SfEkjza4Tps5eXA9/GhAs2wXxfUEQ3uGKzyWxTUhU72+tKij/RJMJ568BMkZLx6l
3XzLq272Y+g=
=CPwJ
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
