...
Now view the new text file with less or a text editor. It contains flow records such as the following. The 'ip router' field denotes the source router for this flow sample.
```
Flow Record:
  Flags        =              0x00 FLOW, Unsampled
  export sysid =                 1
  size         =                76
  first        =        1499779596 [2017-07-11 22:26:36]
  last         =        1499779596 [2017-07-11 22:26:36]
  msec_first   =               447
  msec_last    =               447
  src addr     =         10.10.1.4
  dst addr     =         10.10.1.1
  src port     =             23232
  dst port     =               179
  fwd status   =                 0
  tcp flags    =              0x02 ....S.
  proto        =                 6 TCP
  (src)tos     =               192
  (in)packets  =                 1
  (in)bytes    =                44
  input        =                 4
  output       =                 0
  src as       =                 0
  dst as       =                 0
  src mask     =                32 10.10.1.4/32
  dst mask     =                32 10.10.1.1/32
  dst tos      =                 0
  direction    =                 0
  ip next hop  =           0.0.0.0
  ip router    =         10.10.1.1
  engine type  =                 0
  engine ID    =                 0
  received at  =     1499747221750 [2017-07-11 13:27:01.750]
```
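As an added example (not part of the original page), the following Python sketch parses records in this format and totals flows, packets and bytes per exporting router using the 'ip router' field. It assumes the text file holds one `name = value` field per line with each record starting at `Flow Record:`; the function names and the two sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed layout (one "name = value" per line).
SAMPLE = """\
Flow Record:
  src addr     =         10.10.1.4
  dst addr     =         10.10.1.1
  dst port     =               179
  tcp flags    =              0x02 ....S.
  (in)packets  =                 1
  (in)bytes    =                44
  ip router    =         10.10.1.1

Flow Record:
  src addr     =         10.10.2.9
  dst addr     =         10.10.1.4
  dst port     =             40000
  tcp flags    =              0x12 .A..S.
  (in)packets  =                 3
  (in)bytes    =               180
  ip router    =         10.10.2.1
"""

# Field name is everything before the first '=', value is the rest of the line.
FIELD = re.compile(r"^\s*(.+?)\s*=\s*(.*?)\s*$")

def parse_records(text):
    """Return one dict per 'Flow Record:' block."""
    records = []
    for line in text.splitlines():
        if line.strip().startswith("Flow Record:"):
            records.append({})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def summarize_by_router(records):
    """Flows, packets and bytes per exporting router (the 'ip router' field)."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for r in records:
        t = totals[r.get("ip router", "unknown")]
        t["flows"] += 1
        t["packets"] += int(r.get("(in)packets", 0))
        t["bytes"] += int(r.get("(in)bytes", 0))
    return dict(totals)

if __name__ == "__main__":
    for router, t in summarize_by_router(parse_records(SAMPLE)).items():
        print(router, t)
```

A router that is expected to export flows but is missing from the summary, or one with an unexpectedly low flow count, is worth checking before relying on the data for monitoring.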
...