These elements correspond to the reverse flow captured in the YAF record.
| Field Name | Multiplicity | Type | Description |
|---|---|---|---|
| Reverse_Octet_Total_Count | 0..1 | IntegerObjectPropertyType | Number of octets in packets in reverse direction of flow. May be encoded in 4 octets using IPFIX reduced-length encoding. |
| Reverse_Packet_Total_Count | 0..1 | IntegerObjectPropertyType | Number of packets in reverse direction of flow. |
| Reverse_Payload_Entropy | 0..1 | IntegerObjectPropertyType | Shannon entropy calculation of the reverse payload data. The calculation generates a real number value between 0.0 and 8.0. That number is then converted into an 8-bit integer value between 0 and 255. Roughly, numbers above 230 are generally compressed (or encrypted) and numbers centered around approximately 140 are English text. Lower numbers carry even less information content. |
| Reverse_Flow_Delta_Milliseconds | 0..1 | IntegerObjectPropertyType | RTT of initial handshake. |
| TCP_Reverse_Flow | 0..1 | YAFTCPFlowType | The associated elements relate to the reverse packets of the flow. |
| Reverse_Vlan_ID_MAC_Addr | 0..1 | AddressObjectType | Reverse MAC address. |
| Reverse_Passive_OS_Fingerprinting | 0..1 | PlatformSpecificationType | OS name and version of the reverse flow. |
| Reverse_First_Packet | 0..1 | HexBinaryObjectPropertyType | First reverse packet IP payload. |
| Reverse_N_Bytes_Payload | 0..1 | HexBinaryObjectPropertyType | Initial n bytes of reverse direction of flow payload. |
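The following is an added example, not part of the schema documentation or of YAF's own code: it recomputes a Reverse_Payload_Entropy-style value from a hex-encoded payload such as Reverse_N_Bytes_Payload and applies the 230 threshold from the description. The function names, the linear 0.0-8.0 to 0-255 scaling with rounding, and the sample payloads are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# From the field description: values above 230 are generally compressed or encrypted.
HIGH_ENTROPY_THRESHOLD = 230


def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    total = len(payload)
    return sum((n / total) * math.log2(total / n) for n in Counter(payload).values())


def scaled_entropy(payload: bytes) -> int:
    """Convert 0.0-8.0 to an 8-bit integer. Linear scaling with rounding is an
    assumption; the schema text does not state the exact conversion."""
    return min(255, round(shannon_entropy(payload) * 255 / 8))


def triage(payload_hex: str) -> dict:
    """Score a hex-encoded payload (the encoding of HexBinaryObjectPropertyType)."""
    payload = bytes.fromhex(payload_hex)
    value = scaled_entropy(payload)
    return {
        "bytes": len(payload),
        "entropy_8bit": value,
        "likely_compressed_or_encrypted": value > HIGH_ENTROPY_THRESHOLD,
    }


# Constructed sample payloads (not taken from any real capture).
SAMPLE_TEXT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"
# Deterministic stand-in for encrypted or compressed data: 128 SHA-256 digests.
SAMPLE_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for name, sample in (("text", SAMPLE_TEXT), ("random-like", SAMPLE_RANDOM)):
        print(name, triage(sample.hex()))
```

Entropy computed over only the initial n bytes of a flow is a coarse signal, so a short payload can score well below 230 even when the rest of the stream is encrypted.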