System for Internet-Level Knowledge (CMU/SEI). The fields are taken from the list shown in http://tools.netsa.cert.org/silk/rwcut.html. Fields common to all network flows (e.g., source IP, SNMP ingress) are defined in NetworkFlowLabelType. For additional references, see http://tools.netsa.cert.org/silk/analysis-handbook.pdf and http://tools.netsa.cert.org/silk/faq.html#ipfix-fields.
| Field Name | Multiplicity | Type | Description |
|---|---|---|---|
| Packet_Count | 0..1 | IntegerObjectPropertyType | Represents the number of packets in the flow. |
| Byte_Count | 0..1 | IntegerObjectPropertyType | Represents the number of Layer 3 bytes in the packets of the flow. |
| TCP_Flags | 0..1 | HexBinaryObjectPropertyType | Specifies the union of all TCP flags observed over the life of the flow. |
| Start_Time | 0..1 | IntegerObjectPropertyType | Represents the SysUpTime at start of flow, i.e., the total time in milliseconds starting from when the router booted. There is another element "Start_Time+msec" which is the starting time of flow including milliseconds, but milliseconds are the resolution of Start_Time unless the -legacy-timestamps switch is specified, so "Start_Time+msec" is not defined separately. |
| Duration | 0..1 | IntegerObjectPropertyType | Specifies the duration of the flow. There is another element "Duration+msec" which is the starting time of flow including milliseconds, but milliseconds are the resolution of Duration unless the -legacy-timestamps switch is specified, so "Duration+msec" is not defined separately. |
| End_Time | 0..1 | IntegerObjectPropertyType | Represents the SysUpTime at end of flow. There is another element "End_Time+msec" which is the starting time of flow including milliseconds, but milliseconds are the resolution of End_Time unless the -legacy-timestamps switch is specified, so "End_Time+msec" is not defined separately. |
| Sensor_Info | 0..1 | SiLKSensorInfoType | Defines the fields associated with the sensor at the collection point. |
| ICMP_Type | 0..1 | IntegerObjectPropertyType | ICMP type for ICMP flows. Empty for non-ICMP flows. |
| ICMP_Code | 0..1 | IntegerObjectPropertyType | ICMP code for ICMP flows. Empty for non-ICMP flows. |
| Router_Next_Hop_IP | 0..1 | AddressObjectType | Router next hop IP. |
| Initial_TCP_Flags | 0..1 | TCPFlagsType | TCP flags on first packet in the flow. |
| Session_TCP_Flags | 0..1 | HexBinaryObjectPropertyType | Bitwise OR of TCP flags over all packets except the first in the flow. |
| Flow_Attributes | 0..1 | SiLKFlowAttributesType | Flow attributes set by the flow generator. |
| Flow_Application | 0..1 | IANAPortNumberRegistryType | Based on an examination of payload contents, this value is the port number traditionally used for that type of traffic (21 for FTP traffic even if actually routed over port 80). Documentation (http://tools.netsa.cert.org/silk/rwcut.html) says this is a "guess as to the content of the flow". |
| Src_IP_Type | 0..1 | SiLKAddressType | The type of the source IP in terms of whether the address is routable, external, etc. |
| Dest_IP_Type | 0..1 | SiLKAddressType | The type of the destination IP in terms of whether the address is routable, external, etc. |
| Src_Country_Code | 0..1 | SiLKCountryCodeType | A two-letter country code denoting the country of location of the source IP address. |
| Dest_Country_Code | 0..1 | SiLKCountryCodeType | A two-letter country code denoting the country of location of the destination IP address. |
| Src_MAPNAME | 0..1 | StringObjectPropertyType | User-defined string for integrating external information into SiLK records. See documentation on SiLK pmap filter for details (defined in the prefix map associated with MAPNAME). |
| Dest_MAPNAME | 0..1 | StringObjectPropertyType | User-defined string for integrating external information into SiLK records. See documentation on SiLK pmap filter for details (defined in the prefix map associated with MAPNAME). |
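
The three TCP flag fields are related: TCP_Flags should equal Initial_TCP_Flags OR-ed with Session_TCP_Flags. The following is an added example, not part of the schema or the SiLK documentation, that checks this on extracted records. It assumes each record is a dict holding the three fields as hex strings; the function names, finding labels and sample records are hypothetical and constructed for illustration.

```python
# Standard TCP header flag bits (general TCP knowledge, not listed on this page).
TCP_FLAG_BITS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def parse_flag_byte(hex_value):
    """Parse a one-byte hex string such as '1b' and reject out-of-range values."""
    value = int(hex_value, 16)
    if not 0 <= value <= 0xFF:
        raise ValueError(f"flag value out of range: {hex_value!r}")
    return value


def decode_flags(hex_value):
    """Return the names of the flags set in a hex flag byte, lowest bit first."""
    value = parse_flag_byte(hex_value)
    return [name for name, bit in TCP_FLAG_BITS.items() if value & bit]


def check_flow_flags(record):
    """Return findings for one flow record (assumed layout: dict of hex strings)."""
    total = parse_flag_byte(record["TCP_Flags"])
    initial = parse_flag_byte(record["Initial_TCP_Flags"])
    session = parse_flag_byte(record["Session_TCP_Flags"])
    union = initial | session
    findings = []
    # TCP_Flags is the union over the whole flow, so it must match first | rest.
    if total != union:
        findings.append("union_mismatch")
    # The record does not begin with a connection attempt, e.g. the flow was
    # split by a timeout or collection started mid-connection.
    if not initial & TCP_FLAG_BITS["SYN"]:
        findings.append("first_packet_not_syn")
    # Only SYN was ever seen in this direction: an attempt with no follow-up.
    if union == TCP_FLAG_BITS["SYN"]:
        findings.append("syn_only")
    return findings


# Constructed sample records (not real traffic).
SAMPLES = {
    "complete": {"TCP_Flags": "1b", "Initial_TCP_Flags": "02", "Session_TCP_Flags": "19"},
    "syn_only": {"TCP_Flags": "02", "Initial_TCP_Flags": "02", "Session_TCP_Flags": "00"},
    "mid_stream": {"TCP_Flags": "18", "Initial_TCP_Flags": "10", "Session_TCP_Flags": "18"},
    "corrupt": {"TCP_Flags": "12", "Initial_TCP_Flags": "02", "Session_TCP_Flags": "19"},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, decode_flags(rec["TCP_Flags"]), check_flow_flags(rec))
```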