TCP/IP Information Details (10190 / 20195)
Key
Field Description
Comments
NFO timestamp
Format: Mmm dd hh:mm:ss
NFO server IP address
Format: IPv4_address
NFO server NetFlow source ID
Configurable.
nfc_id
Message type identifier
“nfc_id=20195”
exp_ip
Network device (exporter) IP address
<IPv4 address>
src_ip
Source IP address
<IPv4 address>
[src_cc]
Country code of a source host of the pair
<string>
dest_ip
Destination IP address
<IPv4 address>
dest_port
Destination port number
<number>
first_seen
First time seen
<number> Time when a first invalid TCP/IP session between the hosts was observed
last_seen
Last time seen
<number> Time when a last invalid TCP/IP session between the hosts was observed
syn_count
SYN count
<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the SYN-flood attack pattern
syn_ack_count
SYN-ACK count
<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the SYN-ACK (“reflection”) flood attack pattern
ack_count
ACK count
<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the ACK flood attack pattern
fin_count
FIN count
<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the FIN flood attack pattern
psh_count_sd
PSH count from source to destination
<number>, The number of PSH requests from the source host to the destination host
psh_count_ds
PSH count from destination to source
<number>, The number of PSH requests from the destination host to the source host
Last modified 2yr ago
Copy link