Cisco Cisco Firepower Management Center 4000

18-31

FireSIGHT System User Guide

Chapter 18 Working with Intrusion Events

Using the Packet View

Viewing Transport Layer Information

License:

Protection

On the packet view, click the arrow next to the transport layer protocol (for example,

TCP

UDP

, or

ICMP

)

to view more information about the packet.

Tip

Click

Data

when present to view the first twenty-four bytes of the payload for the protocol immediately

above it in the Packet Information section of the packet view.

The contents of the transport layer for each of the following protocols is described below:

•

TCP Packet View, page 18-31

•

UDP Packet View, page 18-32

•

ICMP Packet View, page 18-32

Note

Note that these examples discuss TCP, UDP, and ICMP packets; other protocols may also appear.

TCP Packet View

License:

Protection

This section describes the protocol-specific information for a TCP packet.

Source port

The number that identifies the originating application protocol.

Destination port

The number that identifies the receiving application protocol.

Sequence number

The value for the first byte in the current TCP segment, keyed to initial sequence number in the TCP
stream.

Next sequence number

In a response packet, the sequence number of the next packet to send.

Acknowledgement number

The TCP acknowledgement, which is keyed to the sequence number of the previously accepted data.

Header Length

The number of bytes in the header.

Flags

The six bits that indicate the TCP segment’s transmission state:

–

— the urgent pointer is valid

–

— the acknowledgement number is valid