Dominik in nprobe if you set the flow template that includes ICMP, then all flows (even non ICMP) will have such field (ICMP_TYPE in this case) set. As 0 means no value in nProbe, this field is meaningful only if you have an ICMP flow. Are you saying that you have an IPv6 flow with ICMP_TYPE set to zero? If so, please mail me a pcap file with packets belonging to such flow as I want to debug this issue.
Cheers Luca On Dec 11, 2011, at 10:42 AM, Dominik Elsbroek wrote: > Hi Luca, > > o.k. that looks good. Somehow i missed this help text. Sorry and thank > you for your answer. > > But is there any explaination about type and flags set to 0 in an > ICMPv6 flow? Since type 0 is reserved as described at > http://www.iana.org/assignments/icmpv6-parameters. > > Cheers, > Dominik > > On Sun, Dec 11, 2011 at 09:36, Luca Deri <[email protected]> wrote: >> Dominik >> in nprobe >> deri@iMacLuca 58> ./nprobe -h|grep ICM >> [ 32] %ICMP_TYPE %icmpTypeCodeIPv4 ICMP Type * 256 >> + ICMP code >> >> So in case of ICMP ECHO REQUEST/REPLY (see fields in red) >> [2a00:1620:c0:7d:21c:f0ff:fe6e:b6ed]|[2a00:d40:1:1:192:12:192:114]|0.0.0.0|0|0|3|312|1323592185|1323592187|0|0|0|58|0|0|32768 >> [2a00:d40:1:1:192:12:192:114]|[2a00:1620:c0:7d:21c:f0ff:fe6e:b6ed]|0.0.0.0|0|0|3|312|1323592185|1323592187|0|0|0|58|0|0|33024 >> >> So it works for me. if not for you, please debug it and mail me that code >> patch >> >> Thanks Luca >> >> On Dec 10, 2011, at 12:57 PM, Dominik Elsbroek wrote: >> >> Hi >> >> I am using nprobe in version 6.5.0_052311_pro tying to analyse ICMPv6 >> traffic. But can't explain to myself how icmpv6 flags and types are >> generated. Is there a lack of ICMPv6 support? Am I am a missing >> something? >> >> I just printed all icmp messages out to the shell and subsumed I get >> these types over time: >> >> received icmpv6 with type: 0 and flags: 0 >> received icmpv6 with type: 32768 and flags: 1 >> received icmpv6 with type: 259 and flags: 2 >> received icmpv6 with type: 768 and flags: 8 >> received icmpv6 with type: 34048 and flags: 32 >> received icmpv6 with type: 34304 and flags: 64 >> received icmpv6 with type: 34560 and flags: 128 >> received icmpv6 with type: 34816 and flags: 256 >> received icmpv6 with type: 34560 and flags: 384 >> >> I have edited the database.c but like this the flags and types are >> also written into a database. >> >> But the types which are supported by icmpv6 are only up to 255 and the >> flags are nowhere mentioned in the specs. >> >> Any help is appreciated. >> >> Cheers, >> Dominik >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> --- >> Due to lack of interest, tomorrow is cancelled - Kaiser Chiefs >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc --- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
