Cisco Cisco FirePOWER Appliance 8390
18-30
FireSIGHT System User Guide
Chapter 18 Working with Intrusion Events
Using the Packet View
Header Checksum
The indicator for whether the IP checksum is valid. If the checksum is invalid, the datagram may
have been corrupted during transit or may be being used in an intrusion evasion attempt.
have been corrupted during transit or may be being used in an intrusion evasion attempt.
Source/Destination
The IP address or domain name for the source (or destination) host.
Note that to display the domain name, you must enable IP address resolution; for more information,
see
see
Click the address or domain name to view the context menu, then select
Whois
to do a whois search
on the host,
View Host Profile
to view host information, or
Blacklist Now
or
Whitelist Now
to add the
address to a global blacklist or whitelist. See
and
Viewing IPv6 Network Layer Information
License:
Protection
The following listing describes protocol-specific information that might appear in an IPv6 packet.
Traffic Class
An experimental 8-bit field in the IPv6 header for identifying IPv6 packet classes or priorities
similar to the differentiated services functionality provided for IPv4. When unused, this field is set
to zero.
similar to the differentiated services functionality provided for IPv4. When unused, this field is set
to zero.
Flow Label
A optional 20-bit IPv6 hexadecimal value 1 to FFFFF that identifies a special flow such as
non-default quality of service or real-time service. When unused, this field is set to zero.
non-default quality of service or real-time service. When unused, this field is set to zero.
Payload Length
A 16-bit field identifying the number of octets in the IPv6 payload, which is comprised of all of the
packet following the IPv6 header, including any extension headers.
packet following the IPv6 header, including any extension headers.
Next Header
An 8-bit field identifying the type of header immediately following the IPv6 header, using the same
values as the IPv4 Protocol field.
values as the IPv4 Protocol field.
Hop Limit
An 8-bit decimal integer that each node that forwards the packet decrements by one. The packet is
discarded if the decremented value reaches zero.
discarded if the decremented value reaches zero.
Source
The 128-bit IPv6 address for the source host.
Destination
The 128-bit IPv6 address for the destination host.