[netflow-tools] flowd-reader export
Murray Shields
murray.shields at netoptions.com.au
Mon Mar 27 11:00:19 EST 2006
Gijs Molenaar wrote:
> Murray Shields schreef:
>> Is there any documentation on the export as generated by
>> flowd-reader? For example, what are the possible values and meanings
>> for proto (I know 6 is TCP)?
> http://www.iana.org/assignments/protocol-numbers
>
> googlin for 'ip protocol numbers' was quite usefull.
Excellent, thank you.
>> What is the most accurate way of matching bi-directional packets (is
>> it simply a specific port number range)?
>> Can I simply assume that the LOWER port number is the port, and the
>> higher is for matching?
>>
> By my knowledge flows are uni-directional. So if you have a TCP
> session, 2 flows are
> created. There is a source and destination port, but now lower and
> higher. But maybe
> I'm wrong...
>
More information about the netflow-tools
mailing list