Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 18 Working with Intrusion Events
Using the Packet View
Viewing Transport Layer Information
License: Protection
On the packet view, click the arrow next to the transport layer protocol (for example, TCP, UDP, or ICMP) to view more information about the packet.
Tip: Click Data when present to view the first twenty-four bytes of the payload for the protocol immediately above it in the Packet Information section of the packet view.
The contents of the transport layer for each of the following protocols are described below:
• TCP
• UDP
• ICMP
Note: These examples discuss TCP, UDP, and ICMP packets; other protocols may also appear.
TCP Packet View
License: Protection
This section describes the protocol-specific information for a TCP packet.
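The TCP fields this section describes can be reproduced from a raw segment, which helps when checking what the packet view shows against a capture. The following Python code is an added example, not code from the FireSIGHT guide or from Cisco; `decode_tcp`, `sample_segment`, and the `isn` parameter are hypothetical names, the derivation of the next sequence number (payload length plus one each for SYN and FIN) is an assumption based on standard TCP behavior, and the sample segment is constructed.

```python
import struct

# Flag letters, most significant of the six bits first. U and A follow the
# guide's notation; P, R, S, F are the standard names for the other four bits.
FLAG_BITS = [(0x20, "U"), (0x10, "A"), (0x08, "P"), (0x04, "R"), (0x02, "S"), (0x01, "F")]


def decode_tcp(segment: bytes, isn: int = 0) -> dict:
    """Decode one TCP segment (header + payload) into packet-view style fields.

    isn is the stream's initial sequence number (assumed known to the caller);
    the returned sequence numbers are relative to it, modulo 2**32.
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header: need at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid header length {header_len}")
    bits = off_flags & 0x3F                     # low six bits: U A P R S F
    payload = segment[header_len:]
    # SYN and FIN each consume one sequence number in addition to payload bytes.
    consumed = len(payload) + bool(bits & 0x02) + bool(bits & 0x01)
    return {
        "source_port": sport,
        "destination_port": dport,
        "sequence_number": (seq - isn) % 2**32,
        "next_sequence_number": (seq - isn + consumed) % 2**32,
        "acknowledgement_number": ack,
        "header_length": header_len,
        "flags": "".join(ch for mask, ch in FLAG_BITS if bits & mask),
        "data": payload[:24],                   # first twenty-four payload bytes
    }


def sample_segment() -> bytes:
    """Constructed sample: 20-byte header (ACK+PSH) plus a 30-byte payload."""
    header = struct.pack("!HHIIHHHH", 49152, 80, 1001, 5000, (5 << 12) | 0x18, 65535, 0, 0)
    return header + b"GET /index.html HTTP/1.1\r\n\r\n\r\n"


if __name__ == "__main__":
    for name, value in decode_tcp(sample_segment(), isn=1000).items():
        print(f"{name}: {value}")
```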
Source port
The number that identifies the originating application protocol.
Destination port
The number that identifies the receiving application protocol.
Sequence number
The value for the first byte in the current TCP segment, keyed to the initial sequence number in the TCP stream.
Next sequence number
In a response packet, the sequence number of the next packet to send.
Acknowledgement number
The TCP acknowledgement, which is keyed to the sequence number of the previously accepted data.
Header Length
The number of bytes in the header.
Flags
The six bits that indicate the TCP segment’s transmission state:
– U — the urgent pointer is valid
– A — the acknowledgement number is valid