[netflow-tools] flowd-reader export
Gijs Molenaar
gijs at looze.net
Fri Mar 24 18:52:11 EST 2006
Murray Shields wrote:
> Is there any documentation on the export as generated by flowd-reader?
> For example, what are the possible values and meanings for proto (I know
> 6 is TCP)?
http://www.iana.org/assignments/protocol-numbers
Googling for 'ip protocol numbers' was quite useful.
> What is the most accurate way of matching bi-directional
> packets (is it simply a specific port number range)?
> Can I simply assume that the LOWER port number is the port, and the
> higher is for matching?
>
To my knowledge flows are uni-directional. So if you have a TCP session,
2 flows are created. There is a source and destination port, but no lower
and higher. But maybe I'm wrong...
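
Added example, not part of the original message or of netflow-tools: one way to pair uni-directional flows into sessions is to key on the protocol plus both endpoints in sorted order, so the forward and reverse flow land on the same key without guessing which port is the "service" port. The record layout and sample values are constructed for illustration and are not real flowd-reader output; flow timestamps and timeouts are ignored.

```python
from collections import defaultdict

# Constructed sample records (assumed layout, not flowd-reader's format):
# (proto, src_ip, src_port, dst_ip, dst_port, octets), one per flow.
FLOWS = [
    (6, "10.0.0.5", 51234, "192.0.2.10", 80, 420),     # client -> server
    (6, "192.0.2.10", 80, "10.0.0.5", 51234, 18000),   # server -> client
    (17, "10.0.0.5", 40000, "192.0.2.53", 53, 70),     # UDP, no reply seen
    (6, "10.0.0.7", 2000, "10.0.0.8", 3000, 100),      # both ports are high,
    (6, "10.0.0.8", 3000, "10.0.0.7", 2000, 900),      # "lower port" guess fails
]


def session_key(proto, src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key: protocol plus the two endpoints, sorted."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (proto,) + (a + b if a <= b else b + a)


def pair_flows(flows):
    """Group uni-directional flows into sessions keyed by session_key()."""
    sessions = defaultdict(list)
    for proto, sip, sport, dip, dport, octets in flows:
        sessions[session_key(proto, sip, sport, dip, dport)].append(
            {"src": (sip, sport), "dst": (dip, dport), "octets": octets}
        )
    return dict(sessions)


def one_way(sessions):
    """Keys of sessions where only one direction was exported."""
    return [key for key, fl in sessions.items()
            if len({f["src"] for f in fl}) == 1]


if __name__ == "__main__":
    paired = pair_flows(FLOWS)
    for key, fl in paired.items():
        print(key, [(f["src"], f["octets"]) for f in fl])
    print("one-way:", one_way(paired))
```
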