Cisco Cisco Firepower Management Center 4000
18-29
FireSIGHT System User Guide
Chapter 18 Working with Intrusion Events
Using the Packet View
Viewing IPv4 Network Layer Information
License:
Protection
The following listing describes protocol-specific information that might appear in an IPv4 packet.
Version
The Internet Protocol version number.
Header Length
The number of bytes in the header, including any IP options. An IP header with no options is 20
bytes long.
bytes long.
Differentiated Services Field
The values for differentiated services that indicate how the sending host supports Explicit
Congestion Notification (ECN):
Congestion Notification (ECN):
–
0x0
— does not support ECN-Capable Transport (ECT)
–
0x1
and
0x2
— supports ECT
–
0x3
— Congestion Experienced (CE)
Total Length
The length of the IP packet, in bytes, minus the IP header.
Identification
The value that uniquely identifies an IP datagram sent by the source host. This value is used to trace
fragments of the same datagram.
fragments of the same datagram.
Flags
The values that control IP fragmentation, where:
values for the Last Fragment flag indicate whether there are more fragments associated with the
datagram:
datagram:
–
0
— there are no more fragments associated with the datagram
–
1
— there are more fragments associated with the datagram
–
values for the Don’t Fragment flag control whether the datagram can be fragmented:
–
0
— the datagram can be fragmented
–
1
— the datagram must not be fragmented
Fragment Offset
The value for the fragment offset from the beginning of the datagram.
Time to Live (ttl)
The remaining number of hops that the datagram can make between routers before the datagram
expires.
expires.
Protocol
The transport protocol that is encapsulated in the IP datagram; for example, ICMP, IGMP, TCP, or
UDP.
UDP.