No. Time Source Destination Protocol Length Info Port_dst User Datagram Protocol 1980 0.133943 111.111.0.1 192.168.0.0 CFLOW 1390 IPFIX flow (1348 bytes) Obs-Domain-ID=33554432 [Data-Template:1910] [Options-Template:50710] [Data:50710] [Data:1910] 2055 ✓ Frame 1980: 1390 bytes on wire (11120 bits), 1390 bytes captured (11120 bits) Encapsulation type: Ethernet (1) Arrival Time: Jul 12, 2022 14:33:20.759543000 CEST [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1657629200.759543000 seconds [Time delta from previous captured frame: 0.000163000 seconds] [Time delta from previous displayed frame: 0.000163000 seconds] [Time since reference or first frame: 0.133943000 seconds] Frame Number: 1980 Frame Length: 1390 bytes (11120 bits) Capture Length: 1390 bytes (11120 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:cflow] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: VMware_9e:10:cf (00:XX:XX:9e:10:cf), Dst: VMware_ba:8c:11 (00:XX:XX:ba:8c:11) Destination: VMware_ba:8c:11 (00:XX:XX:ba:8c:11) Address: VMware_ba:8c:11 (00:XX:XX:ba:8c:11) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: VMware_9e:10:cf (00:XX:XX:9e:10:cf) Address: VMware_9e:10:cf (00:XX:XX:9e:10:cf) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 111.111.0.1, Dst: 192.168.0.0 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1376 Identification: 0x15ec (5612) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 61 Protocol: UDP (17) Header Checksum: 0x579f [validation disabled] [Header checksum status: Unverified] Source Address: 111.111.0.1 Destination Address: 192.168.0.0 User Datagram Protocol, Src Port: 50012, Dst Port: 2055 Source Port: 50012 Destination Port: 2055 Length: 1356 Checksum: 0xd7be [unverified] [Checksum Status: Unverified] [Stream index: 8] [Timestamps] [Time since first frame: 0.100087000 seconds] [Time since previous frame: 0.000163000 seconds] UDP payload (1348 bytes) Cisco NetFlow/IPFIX Version: 10 Length: 1348 Timestamp: Jul 12, 2022 14:32:04.000000000 CEST ExportTime: 1657629124 FlowSequence: 1441887693 Observation Domain Id: 33554432 Set 1 [id=2] (Data Template): 1910 FlowSet Id: Data Template (V10 [IPFIX]) (2) FlowSet Length: 124 Template (Id = 1910, Count = 29) Template Id: 1910 Field Count: 29 Field (1/29): SRC_MAC 0... .... .... .... = Pen provided: No .000 0000 0011 1000 = Type: SRC_MAC (56) Length: 6 Field (2/29): DESTINATION_MAC 0... .... .... .... = Pen provided: No .000 0000 0101 0000 = Type: DESTINATION_MAC (80) Length: 6 Field (3/29): ingressPhysicalInterface 0... .... .... .... = Pen provided: No .000 0000 1111 1100 = Type: ingressPhysicalInterface (252) Length: 4 Field (4/29): egressPhysicalInterface 0... .... .... .... = Pen provided: No .000 0000 1111 1101 = Type: egressPhysicalInterface (253) Length: 4 Field (5/29): dot1qVlanId 0... .... .... .... = Pen provided: No .000 0000 1111 0011 = Type: dot1qVlanId (243) Length: 2 Field (6/29): dot1qCustomerVlanId 0... .... .... .... = Pen provided: No .000 0000 1111 0101 = Type: dot1qCustomerVlanId (245) Length: 2 Field (7/29): postDot1qVlanId 0... .... .... .... = Pen provided: No .000 0000 1111 1110 = Type: postDot1qVlanId (254) Length: 2 Field (8/29): postDot1qCustomerVlanId 0... .... .... .... = Pen provided: No .000 0000 1111 1111 = Type: postDot1qCustomerVlanId (255) Length: 2 Field (9/29): IP_SRC_ADDR 0... .... .... .... = Pen provided: No .000 0000 0000 1000 = Type: IP_SRC_ADDR (8) Length: 4 Field (10/29): IP_DST_ADDR 0... .... .... .... = Pen provided: No .000 0000 0000 1100 = Type: IP_DST_ADDR (12) Length: 4 Field (11/29): IPV6_SRC_ADDR 0... .... .... .... = Pen provided: No .000 0000 0001 1011 = Type: IPV6_SRC_ADDR (27) Length: 16 Field (12/29): IPV6_DST_ADDR 0... .... .... .... = Pen provided: No .000 0000 0001 1100 = Type: IPV6_DST_ADDR (28) Length: 16 Field (13/29): PKTS 0... .... .... .... = Pen provided: No .000 0000 0000 0010 = Type: PKTS (2) Length: 8 Field (14/29): BYTES 0... .... .... .... = Pen provided: No .000 0000 0000 0001 = Type: BYTES (1) Length: 8 Field (15/29): flowStartMilliseconds 0... .... .... .... = Pen provided: No .000 0000 1001 1000 = Type: flowStartMilliseconds (152) Length: 8 Field (16/29): flowEndMilliseconds 0... .... .... .... = Pen provided: No .000 0000 1001 1001 = Type: flowEndMilliseconds (153) Length: 8 Field (17/29): L4_SRC_PORT 0... .... .... .... = Pen provided: No .000 0000 0000 0111 = Type: L4_SRC_PORT (7) Length: 2 Field (18/29): L4_DST_PORT 0... .... .... .... = Pen provided: No .000 0000 0000 1011 = Type: L4_DST_PORT (11) Length: 2 Field (19/29): TCP_FLAGS 0... .... .... .... = Pen provided: No .000 0000 0000 0110 = Type: TCP_FLAGS (6) Length: 2 Field (20/29): PROTOCOL 0... .... .... .... = Pen provided: No .000 0000 0000 0100 = Type: PROTOCOL (4) Length: 1 Field (21/29): IPV6_OPTION_HEADERS 0... .... .... .... = Pen provided: No .000 0000 0100 0000 = Type: IPV6_OPTION_HEADERS (64) Length: 4 Field (22/29): nextHeaderIPv6 0... .... .... .... = Pen provided: No .000 0000 1100 0001 = Type: nextHeaderIPv6 (193) Length: 1 Field (23/29): FLOW_LABEL 0... .... .... .... = Pen provided: No .000 0000 0001 1111 = Type: FLOW_LABEL (31) Length: 4 Field (24/29): IP_TOS 0... .... .... .... = Pen provided: No .000 0000 0000 0101 = Type: IP_TOS (5) Length: 1 Field (25/29): IP_PROTOCOL_VERSION 0... .... .... .... = Pen provided: No .000 0000 0011 1100 = Type: IP_PROTOCOL_VERSION (60) Length: 1 Field (26/29): ICMP_TYPE 0... .... .... .... = Pen provided: No .000 0000 0010 0000 = Type: ICMP_TYPE (32) Length: 2 Field (27/29): ingressVRFID 0... .... .... .... = Pen provided: No .000 0000 1110 1010 = Type: ingressVRFID (234) Length: 4 Field (28/29): BGP_NEXT_HOP 0... .... .... .... = Pen provided: No .000 0000 0001 0010 = Type: BGP_NEXT_HOP (18) Length: 4 Field (29/29): BGP_IPV6_NEXT_HOP 0... .... .... .... = Pen provided: No .000 0000 0011 1111 = Type: BGP_IPV6_NEXT_HOP (63) Length: 16 Set 2 [id=3] (Options Template): 50710 FlowSet Id: Options Template (V10 [IPFIX]) (3) FlowSet Length: 32 Options Template (Id = 50710) (Scope Count = 2; Data Count = 3) Template Id: 50710 Total Field Count: 5 Scope Field Count: 2 Field (1/2) [Scope]: observationDomainId 0... .... .... .... = Pen provided: No .000 0000 1001 0101 = Type: observationDomainId (149) Length: 4 Field (2/2) [Scope]: templateId 0... .... .... .... = Pen provided: No .000 0000 1001 0001 = Type: templateId (145) Length: 2 Field (1/3): selectorAlgorithm 0... .... .... .... = Pen provided: No .000 0001 0011 0000 = Type: selectorAlgorithm (304) Length: 2 Field (2/3): samplingPacketInterval 0... .... .... .... = Pen provided: No .000 0001 0011 0001 = Type: samplingPacketInterval (305) Length: 4 Field (3/3): samplingPacketSpace 0... .... .... .... = Pen provided: No .000 0001 0011 0010 = Type: samplingPacketSpace (306) Length: 4 Padding: 0000 Set 3 [id=50710] (1 flows) FlowSet Id: (Data) (50710) FlowSet Length: 20 [Template Frame: 1980] Flow 1 Observation Domain Id: 33554432 Template Id: 1910 Selector Algorithm: Systematic count-based Sampling (1) Sampling Packet Interval: 1 Sampling Packet Space: 9999 Set 4 [id=1910] (8 flows) FlowSet Id: (Data) (1910) FlowSet Length: 1156 [Template Frame: 1980] Flow 1 Source Mac Address: JuniperN_d8:34:3a (d4:XX:XX:d8:34:3a) Destination Mac Address: Cisco_6b:e9:9a (a8:XX:XX:6b:e9:9a) Ingress Physical Interface: 1342177338 Egress Physical Interface: 1342177336 Dot1q Vlan Id: 0 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 100 Post Dot1q Customer Vlan Id: 0 SrcAddr: 31.13.0.0 DstAddr: 102.164.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 249 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.578000000 CEST EndTime: Jul 12, 2022 14:31:49.578000000 CEST SrcPort: 3478 DstPort: 14423 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: UDP (17) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 52 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 2 Source Mac Address: JuniperN_9d:bd:a8 (40:71:XX:XX:bd:a8) Destination Mac Address: JuniperN_d3:b7:c3 (3c:61:XX:XX:b7:c3) Ingress Physical Interface: 1342177334 Egress Physical Interface: 104890368 Dot1q Vlan Id: 0 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 100 Post Dot1q Customer Vlan Id: 0 SrcAddr: 52.85.0.0 DstAddr: 5.61.0.0 SrcAddr: :: DstAddr: :: Packets: 2 Octets: 2996 [Duration: 8.320000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:41.258000000 CEST EndTime: Jul 12, 2022 14:31:49.578000000 CEST SrcPort: 80 DstPort: 62824 TCP Flags: 0x0018, ACK, PSH 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...1 .... = ACK: Used .... .... .... 1... = PSH: Used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: TCP (6) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 52 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 3 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: Cisco_76:01:c0 (00:XX:XX:76:01:c0) Ingress Physical Interface: 1342177336 Egress Physical Interface: 121 Dot1q Vlan Id: 200 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 2 SrcAddr: 111.16.0.0 DstAddr: 111.236.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 90 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.578000000 CEST EndTime: Jul 12, 2022 14:31:49.578000000 CEST SrcPort: 43524 DstPort: 10012 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: UDP (17) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 2 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 4 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: Cisco_8d:92:4a (d4:77:XX:XX:92:4a) Ingress Physical Interface: 1342177336 Egress Physical Interface: 62 Dot1q Vlan Id: 200 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 2 SrcAddr: 111.38.0.0 DstAddr: 111.154.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 86 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.588000000 CEST EndTime: Jul 12, 2022 14:31:49.588000000 CEST SrcPort: 54150 DstPort: 443 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: TCP (6) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 2 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 5 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: JuniperN_e1:2c:e8 (c0:03:XX:XX:2c:e8) Ingress Physical Interface: 1342177336 Egress Physical Interface: 101 Dot1q Vlan Id: 200 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 2 SrcAddr: 111.223.0.0 DstAddr: 111.25.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 74 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.588000000 CEST EndTime: Jul 12, 2022 14:31:49.588000000 CEST SrcPort: 59344 DstPort: 443 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: TCP (6) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 2 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 6 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: JuniperN_d8:33:b2 (d4:04:XX:XX:33:b2) Ingress Physical Interface: 1342177336 Egress Physical Interface: 1342177337 Dot1q Vlan Id: 100 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 0 SrcAddr: 111.254.0.0 DstAddr: 111.132.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 82 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.588000000 CEST EndTime: Jul 12, 2022 14:31:49.588000000 CEST SrcPort: 0 DstPort: 0 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: ICMP (1) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0800 Ingress VRFID: 52 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 7 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: JuniperN_fd:f0:46 (fc:33:XX:XX:f0:46) Ingress Physical Interface: 1342177336 Egress Physical Interface: 4052 Dot1q Vlan Id: 200 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 2 SrcAddr: 111.208.0.0 DstAddr: 111.8.0.0 SrcAddr: :: DstAddr: :: Packets: 1 Octets: 70 [Duration: 0.000000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:49.598000000 CEST EndTime: Jul 12, 2022 14:31:49.598000000 CEST SrcPort: 27337 DstPort: 21533 TCP Flags: 0x0000 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...0 .... = ACK: Not used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: UDP (17) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 2 BGPNextHop: 0.0.0.0 BGPNextHop: :: Flow 8 Source Mac Address: Cisco_6b:e9:9a (a8:0c:XX:XX:e9:9a) Destination Mac Address: AristaNe_46:b3:41 (74:83:XX:XX:b3:41) Ingress Physical Interface: 1342177336 Egress Physical Interface: 21 Dot1q Vlan Id: 200 Dot1q Customer Vlan Id: 0 Post Dot1q Vlan Id: 0 Post Dot1q Customer Vlan Id: 2 SrcAddr: 111.16.0.0 DstAddr: 111.131.0.0 SrcAddr: :: DstAddr: :: Packets: 5 Octets: 430 [Duration: 17.740000000 seconds (milliseconds)] StartTime: Jul 12, 2022 14:31:31.858000000 CEST EndTime: Jul 12, 2022 14:31:49.598000000 CEST SrcPort: 47630 DstPort: 443 TCP Flags: 0x0010, ACK 0000 .... .... .... = Zero (Header Length): 0x0 .... 000. .... .... = Reserved: 0x0 .... ...0 .... .... = ECN Nonce Sum: Not used .... .... 0... .... = CWR: Not used .... .... .0.. .... = ECN Echo: Not used .... .... ..0. .... = URG: Not used .... .... ...1 .... = ACK: Used .... .... .... 0... = PSH: Not used .... .... .... .0.. = RST: Not used .... .... .... ..0. = SYN: Not used .... .... .... ...0 = FIN: Not used Protocol: TCP (6) IPv6 Extension Headers: 0x00000000 IPv6 Next Header: 0 ipv6FlowLabel: 0 IP ToS: 0x00 IPVersion: 4 ICMP Type: 0x0000 Ingress VRFID: 2 BGPNextHop: 0.0.0.0 BGPNextHop: ::