2 Replies Latest reply on Jul 24, 2012 9:18 AM by josh_d

    DestPort for ICMP (Protocol = 1) is always 0

    josh_d

      In a flow, the Destination Port for ICMP traffic (Protocol = 1)  encodes the ICMP type and code (http://www.iana.org/assignments/icmp-parameters/icmp-parameters.txt). This data is important when trying to do advanced analysis. However my queries of the Netflow tables always returns a DestPort of 0 (where protocol =1). Does Orion pass along the ICMP type and code in another field (e.g. SourcePort or is 0 always the actual value - very doubtful)?

      This

      ,

      TY for the help,

      Josh