[netflow-tools] Confusion on Packet Size

Andreas Rütten AndreasRuetten at gmx.de
Tue Jan 15 05:00:29 EST 2008


Hello list,

I have some NetFlows collected with softflowd and I need some information
about the meaning of some fields.

The Flows I have are TCP connections with 1 packet by 46 or 60 Bytes.
What will be counted for the field "bytes"?

A Ethernet Paket have to be at least by 72 bytes. 64 for the minimum
Ethernet Frame and 8 for Präambel and SFD.
So it couldn't be the hole Packet.

The Ethernet Payload has a minimum of 46 Bytes, so maybe a single TCP ACK
or SYN Packet can be the one I have captured? 
20 Bytes IP Header + 20 TCP Header + 6 Bytes X

But then what are these 6 Bytes for?
And what Packets are typical for 60 bytes?


Thanks for any hint.

Andreas

-- 
Andreas Rütten
mailto : AndreasRuetten at gmx.de
PGP DSA/1024, C1CC335C, A655 0268 CEA6 A3DA 30AA D356 A450 30BD C1CC 335C
--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/netflow-tools/attachments/20080114/65eeb3b7/attachment.bin 


More information about the netflow-tools mailing list