Skip to main content
Version: 2.10.1

TCP/IP Information Details

KeyField DescriptionComments
NFO timestampFormat: Mmm dd hh:mm:ss
NFO server IP addressFormat: IPv4_address
NFO server NetFlow source IDConfigurable.
nfc_idMessage type identifier“nfc_id=20195”
exp_ipNetwork device (exporter) IP address<IPv4 address>
src_ipSource IP address<IPv4 address>
[src_cc]Country code of a source host of the pair<string>
dest_ipDestination IP address<IPv4 address>
dest_portDestination port number<number>
first_seenFirst time seen<number> Time when a first invalid TCP/IP session between the hosts was observed
last_seenLast time seen<number> Time when a last invalid TCP/IP session between the hosts was observed
syn_countSYN count<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the SYN-flood attack pattern
syn_ack_countSYN-ACK count<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the SYN-ACK (“reflection”) flood attack pattern
ack_countACK count<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the ACK flood attack pattern
fin_countFIN count<number>, The number of observed invalid TCP/IP sessions between the hosts which correspond to the FIN flood attack pattern
psh_count_sdPSH count from source to destination<number>, The number of PSH requests from the source host to the destination host
psh_count_dsPSH count from destination to source<number>, The number of PSH requests from the destination host to the source host