kFunction=NetFlowLib.DecodeV9Packet (15/05/2018 7:11:09 PM) Length(sPacket)=216 [15] 0001: 00 09 00 04 00 F8 4C 64 5A FA AB 36 00 00 73 4D ......Ld Z..6..sM 0011: 00 00 00 00 01 00 00 C4 00 F7 E4 D8 00 F7 E4 D8 ........ ........ 0021: 00 00 00 29 00 00 00 01 00 0F 00 12 0A 00 00 0B ...).... ........ 0031: AC D9 19 83 06 00 F3 0C 00 50 00 00 00 00 00 00 ........ .P...... 0041: 00 08 10 00 00 00 00 00 00 F8 19 E4 00 F8 18 60 ........ .......` 0051: 00 00 01 FE 00 00 00 09 00 0F 00 12 0A 00 00 02 ........ ........ 0061: 67 01 BA 15 06 00 13 5A 00 50 00 00 00 00 00 00 g......Z .P...... 0071: 00 08 1B 00 00 00 00 00 00 F8 19 E4 00 F8 18 A0 ........ ........ 0081: 00 00 2F 79 00 00 00 0C 00 15 00 0F 67 01 BA 15 ../y.... ....g... 0091: 0A 00 00 02 06 00 00 50 13 5A 00 00 0A 00 00 02 .......P .Z...... 00A1: 08 00 1B 01 00 00 00 00 00 F8 07 78 00 F8 07 78 ........ ...x...x 00B1: 00 00 00 6C 00 00 00 01 00 0F 00 00 0A 00 00 02 ...l.... ........ 00C1: FF FF FF FF 11 00 13 59 3B 3F 00 00 00 00 00 00 .......Y ;?...... 00D1: 20 08 10 00 00 00 00 00 ....... iPtr=21 [15] Header.Version [01-02]=9 Header.FlowSets [03-04]=4 Header.Sys_Uptime [05-08]=16272484 Header.UnixSeconds [09-0C]=1526377270 Header.Flow_Sequence [0D-10]=29517 (Incremental sequence No) Header.Source_ID [11-14]=0 (This the flow ID) FlowSetID [15-16]=256 0->Template record, 1->Optional feilds, >255 -> Data record FlowSetLength [17-18]=196 [00C4] iPtrCheck=iPrt+iFlowsetLength-4 (FlowID & FlowLength) 217=25+196-4 [D9] *** START FLOWSET PROCESSING. iDataFlowSet+iTemplateFlowSet=1 of 4 *** field=1 of 21 iPtr=19 type=21 length=4 [19-1C] TotalLength=4 LAST_SWITCHED= *** iPtrCheck=213 field=2 of 21 iPtr=1D type=22 length=4 [1D-20] TotalLength=8 FIRST_SWITCHED= *** iPtrCheck=209 field=3 of 21 iPtr=21 type=1 length=4 [21-24] TotalLength=12 IN_BYTES=41 *** iPtrCheck=205 field=4 of 21 iPtr=25 type=2 length=4 [25-28] TotalLength=16 InPkts=1 iPtr=37 0 0 0 1 *** iPtrCheck=201 field=5 of 21 iPtr=29 type=10 length=2 [29-2A] TotalLength=18 INPUT_SNMP= *** iPtrCheck=199 field=6 of 21 iPtr=2B type=14 length=2 [2B-2C] TotalLength=20 OUTPUT_SNMP= *** iPtrCheck=197 field=7 of 21 iPtr=2D type=8 length=4 [2D-30] TotalLength=24 IPV4_SRC_ADDR=10.0.0.11 *** iPtrCheck=193 field=8 of 21 iPtr=31 type=12 length=4 [31-34] TotalLength=28 IPV4_DST_Addr=172.217.25.131 *** iPtrCheck=189 field=9 of 21 iPtr=35 type=4 length=1 [35-35] TotalLength=29 PROTOCOL:=6 *** iPtrCheck=188 field=10 of 21 iPtr=36 type=5 length=1 [36-36] TotalLength=30 SRC_TOS=0 *** iPtrCheck=187 field=11 of 21 iPtr=37 type=7 length=2 [37-38] TotalLength=32 L4_SRC_PORT=62220 *** iPtrCheck=185 field=12 of 21 iPtr=39 type=11 length=2 [39-3A] TotalLength=34 L4_DST_PORT=80 *** iPtrCheck=183 field=13 of 21 iPtr=3B type=48 length=1 [3B-3B] TotalLength=35 FLOW_SAMPLER_ID= *** iPtrCheck=182 field=14 of 21 iPtr=3C type=51 length=1 [3C-3C] TotalLength=36 *Vendor Proprietary*= *** iPtrCheck=181 field=15 of 21 iPtr=3D type=15 length=4 [3D-40] TotalLength=40 IPV4_NEXT_HOP [3D]=0.0.0.0 *** iPtrCheck=177 field=16 of 21 iPtr=41 type=13 length=1 [41-41] TotalLength=41 DST_MASK=0 *** iPtrCheck=176 field=17 of 21 iPtr=42 type=9 length=1 [42-42] TotalLength=42 SRC_MASK=8 *** iPtrCheck=175 field=18 of 21 iPtr=43 type=6 length=1 [43-43] TotalLength=43 TCP_FLAGS=16 *** iPtrCheck=174 field=19 of 21 iPtr=44 type=61 length=1 [44-44] TotalLength=44 DIRECTION=0 *** iPtrCheck=173 field=20 of 21 iPtr=45 type=17 length=2 [45-46] TotalLength=46 DST_AS [45]=0 *** iPtrCheck=171 field=21 of 21 iPtr=47 type=16 length=2 [47-48] TotalLength=48 SRC_AS [47]=0 *** iPtrCheck=169 *** END iDataFlowSet=1 iFlowsetLength=196 iPTR=73 [49] iPTRCheck=169 [A9] *** START FLOWSET PROCESSING. iDataFlowSet+iTemplateFlowSet=2 of 4 *** field=1 of 21 iPtr=49 type=21 length=4 [49-4C] TotalLength=52 LAST_SWITCHED= *** iPtrCheck=165 field=2 of 21 iPtr=4D type=22 length=4 [4D-50] TotalLength=56 FIRST_SWITCHED= *** iPtrCheck=161 field=3 of 21 iPtr=51 type=1 length=4 [51-54] TotalLength=60 IN_BYTES=510 *** iPtrCheck=157 field=4 of 21 iPtr=55 type=2 length=4 [55-58] TotalLength=64 InPkts=9 iPtr=85 0 0 0 9 *** iPtrCheck=153 field=5 of 21 iPtr=59 type=10 length=2 [59-5A] TotalLength=66 INPUT_SNMP= *** iPtrCheck=151 field=6 of 21 iPtr=5B type=14 length=2 [5B-5C] TotalLength=68 OUTPUT_SNMP= *** iPtrCheck=149 field=7 of 21 iPtr=5D type=8 length=4 [5D-60] TotalLength=72 IPV4_SRC_ADDR=10.0.0.2 *** iPtrCheck=145 field=8 of 21 iPtr=61 type=12 length=4 [61-64] TotalLength=76 IPV4_DST_Addr=103.1.186.21 *** iPtrCheck=141 field=9 of 21 iPtr=65 type=4 length=1 [65-65] TotalLength=77 PROTOCOL:=6 *** iPtrCheck=140 field=10 of 21 iPtr=66 type=5 length=1 [66-66] TotalLength=78 SRC_TOS=0 *** iPtrCheck=139 field=11 of 21 iPtr=67 type=7 length=2 [67-68] TotalLength=80 L4_SRC_PORT=4954 *** iPtrCheck=137 field=12 of 21 iPtr=69 type=11 length=2 [69-6A] TotalLength=82 L4_DST_PORT=80 *** iPtrCheck=135 field=13 of 21 iPtr=6B type=48 length=1 [6B-6B] TotalLength=83 FLOW_SAMPLER_ID= *** iPtrCheck=134 field=14 of 21 iPtr=6C type=51 length=1 [6C-6C] TotalLength=84 *Vendor Proprietary*= *** iPtrCheck=133 field=15 of 21 iPtr=6D type=15 length=4 [6D-70] TotalLength=88 IPV4_NEXT_HOP [6D]=0.0.0.0 *** iPtrCheck=129 field=16 of 21 iPtr=71 type=13 length=1 [71-71] TotalLength=89 DST_MASK=0 *** iPtrCheck=128 field=17 of 21 iPtr=72 type=9 length=1 [72-72] TotalLength=90 SRC_MASK=8 *** iPtrCheck=127 field=18 of 21 iPtr=73 type=6 length=1 [73-73] TotalLength=91 TCP_FLAGS=27 *** iPtrCheck=126 field=19 of 21 iPtr=74 type=61 length=1 [74-74] TotalLength=92 DIRECTION=0 *** iPtrCheck=125 field=20 of 21 iPtr=75 type=17 length=2 [75-76] TotalLength=94 DST_AS [75]=0 *** iPtrCheck=123 field=21 of 21 iPtr=77 type=16 length=2 [77-78] TotalLength=96 SRC_AS [77]=0 *** iPtrCheck=121 *** END iDataFlowSet=2 iFlowsetLength=196 iPTR=121 [79] iPTRCheck=121 [79] *** START FLOWSET PROCESSING. iDataFlowSet+iTemplateFlowSet=3 of 4 *** field=1 of 21 iPtr=79 type=21 length=4 [79-7C] TotalLength=100 LAST_SWITCHED= *** iPtrCheck=117 field=2 of 21 iPtr=7D type=22 length=4 [7D-80] TotalLength=104 FIRST_SWITCHED= *** iPtrCheck=113 field=3 of 21 iPtr=81 type=1 length=4 [81-84] TotalLength=108 IN_BYTES=12153 *** iPtrCheck=109 field=4 of 21 iPtr=85 type=2 length=4 [85-88] TotalLength=112 InPkts=12 iPtr=133 0 0 0 12 *** iPtrCheck=105 field=5 of 21 iPtr=89 type=10 length=2 [89-8A] TotalLength=114 INPUT_SNMP= *** iPtrCheck=103 field=6 of 21 iPtr=8B type=14 length=2 [8B-8C] TotalLength=116 OUTPUT_SNMP= *** iPtrCheck=101 field=7 of 21 iPtr=8D type=8 length=4 [8D-90] TotalLength=120 IPV4_SRC_ADDR=103.1.186.21 *** iPtrCheck=97 field=8 of 21 iPtr=91 type=12 length=4 [91-94] TotalLength=124 IPV4_DST_Addr=10.0.0.2 *** iPtrCheck=93 field=9 of 21 iPtr=95 type=4 length=1 [95-95] TotalLength=125 PROTOCOL:=6 *** iPtrCheck=92 field=10 of 21 iPtr=96 type=5 length=1 [96-96] TotalLength=126 SRC_TOS=0 *** iPtrCheck=91 field=11 of 21 iPtr=97 type=7 length=2 [97-98] TotalLength=128 L4_SRC_PORT=80 *** iPtrCheck=89 field=12 of 21 iPtr=99 type=11 length=2 [99-9A] TotalLength=130 L4_DST_PORT=4954 *** iPtrCheck=87 field=13 of 21 iPtr=9B type=48 length=1 [9B-9B] TotalLength=131 FLOW_SAMPLER_ID= *** iPtrCheck=86 field=14 of 21 iPtr=9C type=51 length=1 [9C-9C] TotalLength=132 *Vendor Proprietary*= *** iPtrCheck=85 field=15 of 21 iPtr=9D type=15 length=4 [9D-A0] TotalLength=136 IPV4_NEXT_HOP [9D]=10.0.0.2 *** iPtrCheck=81 field=16 of 21 iPtr=A1 type=13 length=1 [A1-A1] TotalLength=137 DST_MASK=8 *** iPtrCheck=80 field=17 of 21 iPtr=A2 type=9 length=1 [A2-A2] TotalLength=138 SRC_MASK=0 *** iPtrCheck=79 field=18 of 21 iPtr=A3 type=6 length=1 [A3-A3] TotalLength=139 TCP_FLAGS=27 *** iPtrCheck=78 field=19 of 21 iPtr=A4 type=61 length=1 [A4-A4] TotalLength=140 DIRECTION=1 *** iPtrCheck=77 field=20 of 21 iPtr=A5 type=17 length=2 [A5-A6] TotalLength=142 DST_AS [A5]=0 *** iPtrCheck=75 field=21 of 21 iPtr=A7 type=16 length=2 [A7-A8] TotalLength=144 SRC_AS [A7]=0 *** iPtrCheck=73 *** END iDataFlowSet=3 iFlowsetLength=196 iPTR=169 [A9] iPTRCheck=73 [49] *** START FLOWSET PROCESSING. iDataFlowSet+iTemplateFlowSet=4 of 4 *** field=1 of 21 iPtr=A9 type=21 length=4 [A9-AC] TotalLength=148 LAST_SWITCHED= *** iPtrCheck=69 field=2 of 21 iPtr=AD type=22 length=4 [AD-B0] TotalLength=152 FIRST_SWITCHED= *** iPtrCheck=65 field=3 of 21 iPtr=B1 type=1 length=4 [B1-B4] TotalLength=156 IN_BYTES=108 *** iPtrCheck=61 field=4 of 21 iPtr=B5 type=2 length=4 [B5-B8] TotalLength=160 InPkts=1 iPtr=181 0 0 0 1 *** iPtrCheck=57 field=5 of 21 iPtr=B9 type=10 length=2 [B9-BA] TotalLength=162 INPUT_SNMP= *** iPtrCheck=55 field=6 of 21 iPtr=BB type=14 length=2 [BB-BC] TotalLength=164 OUTPUT_SNMP= *** iPtrCheck=53 field=7 of 21 iPtr=BD type=8 length=4 [BD-C0] TotalLength=168 IPV4_SRC_ADDR=10.0.0.2 *** iPtrCheck=49 field=8 of 21 iPtr=C1 type=12 length=4 [C1-C4] TotalLength=172 IPV4_DST_Addr=255.255.255.255 *** iPtrCheck=45 field=9 of 21 iPtr=C5 type=4 length=1 [C5-C5] TotalLength=173 PROTOCOL:=17 *** iPtrCheck=44 field=10 of 21 iPtr=C6 type=5 length=1 [C6-C6] TotalLength=174 SRC_TOS=0 *** iPtrCheck=43 field=11 of 21 iPtr=C7 type=7 length=2 [C7-C8] TotalLength=176 L4_SRC_PORT=4953 *** iPtrCheck=41 field=12 of 21 iPtr=C9 type=11 length=2 [C9-CA] TotalLength=178 L4_DST_PORT=15167 *** iPtrCheck=39 field=13 of 21 iPtr=CB type=48 length=1 [CB-CB] TotalLength=179 FLOW_SAMPLER_ID= *** iPtrCheck=38 field=14 of 21 iPtr=CC type=51 length=1 [CC-CC] TotalLength=180 *Vendor Proprietary*= *** iPtrCheck=37 field=15 of 21 iPtr=CD type=15 length=4 [CD-D0] TotalLength=184 IPV4_NEXT_HOP [CD]=0.0.0.0 *** iPtrCheck=33 field=16 of 21 iPtr=D1 type=13 length=1 [D1-D1] TotalLength=185 DST_MASK=32 *** iPtrCheck=32 field=17 of 21 iPtr=D2 type=9 length=1 [D2-D2] TotalLength=186 SRC_MASK=8 *** iPtrCheck=31 field=18 of 21 iPtr=D3 type=6 length=1 [D3-D3] TotalLength=187 TCP_FLAGS=16 *** iPtrCheck=30 field=19 of 21 iPtr=D4 type=61 length=1 [D4-D4] TotalLength=188 DIRECTION=0 *** iPtrCheck=29 field=20 of 21 iPtr=D5 type=17 length=2 [D5-D6] TotalLength=190 DST_AS [D5]=0 *** iPtrCheck=27 field=21 of 21 iPtr=D7 type=16 length=2 [D7-D8] TotalLength=192 SRC_AS [D7]=0 *** iPtrCheck=25 *** END iDataFlowSet=4 iFlowsetLength=196 iPTR=217 [D9] iPTRCheck=25 [19] *** END OF FLOWSET PROCESSING iDataFlowSet=4 iTemplateFlowSet=0 iPtr=217 [D9] iPtrCheck=25 [19] ***