Because when describing ICMP, various software have a custom of co-opting the port number (since ICMP doesn't have port numbers) to show the type.code of the ICMP packet. 3.10 presumably means type 3, code 10, so destination unreachable, Host administratively prohibited.
https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#ICMP_datagram_structure On 10/21/2016 8:16 AM, Nikolaos Milas wrote: > Hello, > > I am recording a number of flows of the form: > > Date first seen Event XEvent Proto Src IP > Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP > Addr:Port In Byte Out Byte > 2016-10-21 20:58:51.700 INVALID Ignore ICMP 194.177.194.192:0 > -> 183.7.119.26:3.10 0.0.0.0:0 -> 0.0.0.0:0 > 68 0 > > What is the meaning of these flows please? > > Why source port is 0 and destination port 3.10? > > I cannot understand. > > Please help. > > Thanks, > Nick > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
