ICMP table

This table contains ICMP traffic, but the protocol used for each column can be ICMP, IP, DNS, UDP or TCP, or a combination of these protocols. The meta type is used for columns that contain data that is not directly extracted from network packet data. Metadata is descriptive data about the network data, such as the geographical location of an IP address. Data in column names starting with “orig_” is extracted from the payload of ICMP packets. The payload data of an ICMP packet may contain the first 8 bytes of the original DNS response packet sent out by the name server.

| column | protocol | type | description |
|---|---|---|---|
| query_ts | - | META | packet timestamp in UTC, uses TIMESTAMP datatype |
| icmp_type | ICMP | request | ICMP type |
| icmp_code | ICMP | request | ICMP code |
| icmp_echo_client_type | ICMP | request | type of ICMP client (1=RIPE Atlas, 2=Unix/Linux, 3=Windows, 4=PRTG) |
| ip_ttl | IP | request | TTL IP packet |
| ip_v | IP | request | IP version 4 or 6 |
| ip_src | IP | request | source IP address |
| ip_dst | IP | request | destination IP address |
| ip_country | IP | request | geographical location source IP |
| ip_asn | IP | request | autonomous system number source IP |
| ip_len | META | request | length IP packet |
| l4_prot | UDP/TCP | request | Layer 4 protocol TCP/UDP/ICMP |
| l4_srcp | UDP/TCP | request | TCP/UDP source port |
| l4_dstp | UDP/TCP | request | TCP/UDP destination port |
| orig_ip_ttl | IP | response | TTL of the IP packet |
| orig_ip_v | IP | request | IP version 4 or 6 |
| orig_ip_src | IP | response | source IP address |
| orig_ip_dst | IP | response | destination IP address |
| orig_l4_prot | UDP/TCP | response | Layer 4 protocol TCP/UDP/ICMP |
| orig_l4_srcp | UDP/TCP | response | TCP/UDP source port |
| orig_l4_dstp | UDP/TCP | response | TCP/UDP destination port |
| orig_udp_sum | UDP | response | UDP checksum |
| orig_ip_len | META | response | length packet |
| orig_icmp_type | ICMP | response | ICMP type |
| orig_icmp_code | ICMP | response | ICMP code |
| orig_icmp_echo_client_type | ICMP | response | type of ICMP client (1=RIPE Atlas, 2=Unix/Linux, 3=Windows, 4=PRTG) |
| orig_dns_id | DNS | response | see DNS table above |
| orig_dns_qname | DNS | response | see DNS table above |
| orig_dns_domainname | DNS | response | see DNS table above |
| orig_dns_len | DNS | response | see DNS table above |
| orig_dns_aa | DNS | response | see DNS table above |
| orig_dns_tc | DNS | response | see DNS table above |
| orig_dns_rd | DNS | response | see DNS table above |
| orig_dns_ra | DNS | response | see DNS table above |
| orig_dns_z | DNS | response | see DNS table above |
| orig_dns_ad | DNS | response | see DNS table above |
| orig_dns_cd | DNS | response | see DNS table above |
| orig_dns_ancount | DNS | response | see DNS table above |
| orig_dns_arcount | DNS | response | see DNS table above |
| orig_dns_nscount | DNS | response | see DNS table above |
| orig_dns_qdcount | DNS | response | see DNS table above |
| orig_dns_rcode | DNS | response | see DNS table above |
| orig_dns_qtype | DNS | response | see DNS table above |
| orig_dns_opcode | DNS | response | see DNS table above |
| orig_dns_qclass | DNS | response | see DNS table above |
| orig_dns_edns_udp | DNS | response | see DNS table above |
| orig_dns_edns_version | DNS | response | see DNS table above |
| orig_dns_edns_do | DNS | response | see DNS table above |
| orig_dns_labels | DNS | META | see DNS table above |
| server_location | META | request | location of the anycast node, only if anycast encoding is used for the file input directory |
| pcap_file | DNS | request | name of the input pcap file |
| ip_pub_resolver | DNS | request | public resolver used e.g. Google, OpenDNS … |
| year | META | query | year part of timestamp |
| month | META | query | month part of timestamp |
| day | META | query | day part of timestamp |

For more information about ICMP see ICMP v4 and ICMP v6
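
How the “orig_” columns relate to the packet quoted inside an ICMP error message, as an added example that is not code from the project that produces this table. The function names `parse_icmp_error` and `build_sample` are hypothetical, only IPv4 is handled, `orig_l4_prot` is assumed to hold the IP protocol number, and the sample packet and its addresses are constructed.

```python
import socket
import struct

# ICMPv4 error types whose body quotes the packet that triggered them (RFC 792).
ERROR_TYPES = {3, 4, 5, 11, 12}

def parse_icmp_error(icmp: bytes) -> dict:
    """Map an ICMPv4 message (bytes starting at the ICMP header) to table columns."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    row = {"icmp_type": icmp[0], "icmp_code": icmp[1]}
    quoted = icmp[8:]  # original IP header plus leading bytes of its payload
    if row["icmp_type"] not in ERROR_TYPES or len(quoted) < 20:
        return row  # echo and other non-error types carry no quoted packet
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        return row  # malformed or non-IPv4 quote: leave orig_ columns empty
    row.update(
        orig_ip_v=4,
        orig_ip_len=struct.unpack("!H", quoted[2:4])[0],
        orig_ip_ttl=quoted[8],
        orig_l4_prot=quoted[9],  # assumption: stored as IP protocol number
        orig_ip_src=socket.inet_ntoa(quoted[12:16]),
        orig_ip_dst=socket.inet_ntoa(quoted[16:20]),
    )
    l4 = quoted[ihl:]
    if row["orig_l4_prot"] in (6, 17) and len(l4) >= 4:  # TCP or UDP ports
        row["orig_l4_srcp"], row["orig_l4_dstp"] = struct.unpack("!HH", l4[:4])
    if row["orig_l4_prot"] == 17 and len(l4) >= 8:
        row["orig_udp_sum"] = struct.unpack("!H", l4[6:8])[0]
    return row

def build_sample() -> bytes:
    """Constructed sample: 'fragmentation needed' quoting a DNS response over UDP."""
    icmp_hdr = struct.pack("!BBHHH", 3, 4, 0, 0, 1400)  # type 3, code 4, MTU 1400
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0, 57, 17, 0,
                     socket.inet_aton("192.0.2.53"), socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 53, 40000, 1480, 0xBEEF)  # source port 53
    return icmp_hdr + ip + udp  # checksums are not computed in this sample

if __name__ == "__main__":
    for column, value in parse_icmp_error(build_sample()).items():
        print(f"{column:14} {value}")
```

The quoted addresses and ports are whatever the sender of the ICMP message placed in the payload, so they are best read as reported values rather than verified ones.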