Technical Documentation

Downloads
Understanding sctop Flow Table Reports

Related Topics
sctop Task Summary

Understanding sctop Flow Table Reports

Table 1 is a sample sctop flow table report.

Table 1: sctop Flow Table Report

Source-IP	Port	Destination-IP	Port	Flag	Direction	State	Service	Timeout
10.150.98.62	4137	10.150.20.43	139	R----	->>	Ltn	SMB	30/30
10.150.20.43	139	10.150.98.62	4137	R----	<<-	Close	-	30/30
10.150.73.39	6000	10.150.20.242	43117	R----	->>	Ltn	-	30/30

The Flag column includes 5 bits. Table 2 describes the sctop flow table flag column.

Table 2: sctop Flow Table: Flag Column

Position 1	Position 2	Position 3	Position 4	Position 5
Flow state. One of the following: R (ready) A (anticipated) V (virtual) X (rejected) U (unknown)	Management flow. One of the following: m (management flow) – (not management flow)	Auxiliary flow. One of the following: a (auxiliary flow) - (not auxiliary flow)	Packet logging. One of the following: P (packet logging) - (not packet logging)	Flow sync. One of the following: - (normal flow) f (flow from failover) s (flow synced from another IDP device)

Position 1

Position 2

Position 3

Position 4

Position 5

Flow state. One of the following:

R (ready)
A (anticipated)
V (virtual)
X (rejected)
U (unknown)

Management flow. One of the following:

m (management flow)
– (not management flow)

Auxiliary flow. One of the following:

a (auxiliary flow)
- (not auxiliary flow)

Packet logging. One of the following:

P (packet logging)
- (not packet logging)

Flow sync. One of the following:

- (normal flow)
f (flow from failover)
s (flow synced from another IDP device)

For example, the flag R– – – – signifies ready, nonmanagement, nonauxiliary, no packet logging, normal; the flag A--ps signifies anticipated, nonmanagement, nonauxiliary, with packet logging, and synced over from another IDP.

Technical Documentation

Understanding sctop Flow Table Reports

Published: 2010-01-12