08-22-2003 08:52 AM - edited 03-02-2019 09:49 AM
On a 7206 router I am seeing hundreds of flows with protocol 11. Any idea what application uses this protocol? Here is a small portion of the output of 'sh ip-cache flow':
Protocol         Total    Flows   Packets  Bytes  Packets  Active(Sec)  Idle(Sec)
--------         Flows     /Sec     /Flow   /Pkt     /Sec        /Flow      /Flow
TCP-Telnet         621      0.0        26     65      0.0         10.0       15.3
TCP-FTP              4      0.0        21     50      0.0          2.4        1.4
TCP-FTPD            16      0.0         9     40      0.0          0.3        1.5
TCP-WWW            430      0.0         6    128      0.0          0.3        2.9
TCP-other        15646      0.0        22    284      0.0          2.0        6.7
UDP-DNS            783      0.0         1     71      0.0          0.0       15.4
UDP-NTP             27      0.0         1     88      0.0          0.0       15.4
UDP-Frag           209      0.0         3    176      0.0          3.1       15.5
UDP-other         5389      0.0        16    474      0.0          0.3       15.5
ICMP               749      0.0         2    202      0.0          0.6       15.5
IP-other             8      0.0        23     46      0.0         21.6       15.5
Total:           23882      0.0        19    312      0.1          1.7        9.5

SrcIf  SrcIPaddress    DstIf  DstIPaddress    Pr  SrcP  DstP  Pkts
Fa6/0  164.72.153.194  Fa6/0  164.72.155.157  11  0000  0000    14
Fa6/0  164.72.153.33   Fa6/0  164.72.155.153  11  0000  0000     1
Fa6/0  164.72.154.85   Fa6/0  164.72.155.157  11  0000  0000     1
Fa6/0  164.72.155.157  Fa6/0  164.72.153.186  11  0000  0000     1
Fa6/0  164.72.153.186  Fa6/0  164.72.155.157  11  0000  0000     1
Fa6/0  164.72.155.159  Fa6/0  164.72.152.160  11  0B97  0B97     2
Fa6/0  164.72.152.238  Fa6/0  164.72.155.159  11  0B97  0B97     2
Fa6/0  164.72.152.247  Fa6/0  164.72.155.159  11  0B97  0B97     2
Fa6/0  164.72.152.192  Fa6/0  164.72.155.159  11  0B97  0B97     2
Fa6/0  164.72.155.153  Fa6/0  164.72.153.33   11  0000  0000     1
Fa6/0  164.72.155.159  Fa6/0  164.72.152.247  11  0B97  0B97     2
Fa6/0  164.72.155.159  Fa6/0  164.72.152.238  11  0B97  0B97     2
Fa6/0  164.72.154.105  Null   164.72.154.127  11  008A  008A     1
Fa6/0  164.72.154.66   Null   164.72.154.127  11  008A  008A     1
Fa6/0  164.72.152.160  Fa6/0  164.72.155.159  11  0B97  0B97     2
Fa6/0  164.72.155.159  Fa6/0  164.72.152.176  11  0B97  0B97     2
Fa6/0  164.72.152.176  Fa6/0  164.72.155.159  11  0B97  0B97     2
08-22-2003 09:40 AM
This could be it...
http://honeynet.hackers.nl/reverse/results/sol/sol-06/advisory.html
08-22-2003 09:48 AM
Thanks for the information.
I actually may be OK. I was reading the protocol field in the flow output as a decimal number instead of a hex number. If that field is a hex number then hex 11 = dec 17 which is UDP and completely valid.
I know that the source port and destination port fields are hex. Is that true for the source and destination protocol fields also?
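Added example, not part of the original thread: a Python parser for the flow records posted above that decodes the Pr, SrcP and DstP columns as hexadecimal, which is the reading the last post arrives at. The function names, the protocol lookup table and the decimal treatment of Pkts are assumptions of this example; the sample rows are copied from the first post.

```python
import re
from collections import Counter

# IANA protocol numbers for the protocols named in the summary table.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Sample input: header plus four records copied from the first post.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa6/0 164.72.153.194 Fa6/0 164.72.155.157 11 0000 0000 14
Fa6/0 164.72.155.159 Fa6/0 164.72.152.160 11 0B97 0B97 2
Fa6/0 164.72.154.105 Null 164.72.154.127 11 008A 008A 1
Fa6/0 164.72.152.176 Fa6/0 164.72.155.159 11 0B97 0B97 2
"""

FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>\d+(?:\.\d+){3})\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst_ip>\d+(?:\.\d+){3})\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sport>[0-9A-Fa-f]{4})\s+"
    r"(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)

def parse_flows(text):
    """Return one dict per flow record; header and other lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        proto = int(m["pr"], 16)          # hex 11 -> decimal 17
        flows.append({
            "src": m["src_ip"], "dst": m["dst_ip"],
            "proto": proto,
            "proto_name": IP_PROTOCOLS.get(proto, f"ip-{proto}"),
            "sport": int(m["sport"], 16),  # ports are shown in hex
            "dport": int(m["dport"], 16),
            "pkts": int(m["pkts"]),        # assumed decimal
        })
    return flows

def top_dst_ports(flows):
    """Count flows per (protocol name, decimal destination port)."""
    return Counter((f["proto_name"], f["dport"]) for f in flows).most_common()

if __name__ == "__main__":
    for flow in parse_flows(SAMPLE):
        print(flow)
    print(top_dst_ports(parse_flows(SAMPLE)))
```

Grouping by decoded protocol and destination port makes it easier to compare the flow cache against the decimal port numbers used in ACLs and service lists.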