This table contains ICMP traffic, but the protocol used for each column can be ICMP,IP,DNS,UDP or TCP or a combination of these protocols. The meta type is used for columns that contain data that is not directly extracted from network packet data. Meta data is descriptive data about the network data, such as the geographical location of an IP address. Data in column names starting with “orig_” is extracted from the payload of ICMP packets. The payload data of an ICMP packet may contain the first 8 bytes of the original DNS response packet sent out by the name server.
| column | protocol | type | description |
|---|---|---|---|
| query_ts | - | META | packet timestamp in UTC, uses TIMESTAMP datatype |
| icmp_type | ICMP | request | ICMP type |
| icmp_code | ICMP | request | ICMP code |
| icmp_echo_client_type | ICMP | request | type of ICMP client. (1= RIPE Atlas, 2=Unix/Linux, 3=Windows, 4=PRTG ) |
| ip_ttl | IP | request | TTL IP packet |
| ip_v | IP | request | IP version 4 or 6 |
| ip_src | IP | request | source IP address |
| ip_dst | IP | request | destination IP address |
| ip_country | IP | request | geographical location source IP |
| ip_asn | IP | request | autononmous system number source IP |
| ip_len | META | request | length IP packet |
| l4_prot | UDP/TCP | request | Layer 4 protocol TCP/UDP/ICMP |
| l4_srcp | UDP/TCP | request | TCP/UDP source port |
| l4_dstp | UDP/TCP | request | TCP/UDP destination port |
| orig_ip_ttl | IP | response | TTL of the IP packet |
| orig_ip_v | IP | request | IP version\ 4 or 6 |
| orig_ip_src | IP | response | source IP adres |
| orig_ip_dst | IP | response | destination IP adres |
| orig_l4_prot | UDP/TCP | response | Layer 4 protocol TCP/UDP/ICMP |
| orig_l4_srcp | UDP/TCP | response | TCP/UDP source port |
| orig_l4_dstp | UDP/TCP | response | TCP/UDP destination port |
| orig_udp_sum | UDP | response | UDP checksum |
| orig_ip_len | META | response | length packet |
| orig_icmp_type | ICMP | response | ICMP type |
| orig_icmp_code | ICMP | response | ICMP code |
| orig_icmp_echo_client_type | ICMP | response | type of ICMP client. (1=RIPE Atlas, 2=Unix/Linux, 3=Windows, 4=PRTG) |
| orig_dns_id | DNS | response | see DNS table above |
| orig_dns_qname | DNS | response | see DNS table above |
| orig_dns_domainname | DNS | response | see DNS table above |
| orig_dns_len | DNS | response | see DNS table above |
| orig_dns_aa | DNS | response | see DNS table above |
| orig_dns_tc | DNS | response | see DNS table above |
| orig_dns_rd | DNS | response | see DNS table above |
| orig_dns_ra | DNS | response | see DNS table above |
| orig_dns_z | DNS | response | see DNS table above |
| orig_dns_ad | DNS | response | see DNS table above |
| orig_dns_cd | DNS | response | see DNS table above |
| orig_dns_ancount | DNS | response | see DNS table above |
| orig_dns_arcount | DNS | response | see DNS table above |
| orig_dns_nscount | DNS | response | see DNS table above |
| orig_dns_qdcount | DNS | response | see DNS table above |
| orig_dns_rcode | DNS | response | see DNS table above |
| orig_dns_qtype | DNS | response | see DNS table above |
| orig_dns_opcode | DNS | response | see DNS table above |
| orig_dns_qclass | DNS | response | see DNS table above |
| orig_dns_edns_udp | DNS | response | see DNS table above |
| orig_dns_edns_version | DNS | response | see DNS table above |
| orig_dns_edns_do | DNS | response | see DNS table above |
| orig_dns_labels | DNS | META | see DNS table above |
| server_location | META | request | location of the anycast node, only if anycast encoding is used for the file input directory |
| pcap_file | DNS | request | name of the input pcap file |
| ip_pub_resolver | DNS | request | public resolver used e.g. Google, OpenDNS … |
| year | META | query | year part of timestamp |
| month | META | query | month part of timestamp |
| day | META | query | day part of timestamp |