PrepAway - Latest Free Exam Questions & Answers


Which of the following partial output from the show ip cache flow command would you expect to see for an HTTP connection sent from 10.1.1.36? (Select the best answer.)

A.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0050 1

B.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0080 1

C.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 01BB 1

D.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0443 1

E.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 80 C486 C486 1

F.
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 443 C486 C486 1

Explanation:

You would expect to see the following partial output from the show ip cache flow command for a Hypertext Transfer Protocol (HTTP) connection sent from 10.1.1.36:

SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0050 1

The show ip cache flow command is used to display a summary of NetFlow statistics. The DstP field indicates the destination port field and is displayed in hexadecimal. HTTP sends information over Transmission Control Protocol (TCP) port 80. The decimal value 80 converts to the hexadecimal value 50. Therefore, an HTTP connection would be displayed in the output of the show ip cache flow command as destination port 0050.

The destination port field would display a value of 0080 if the connection were using TCP port 128; the hexadecimal value 80 converts to the decimal value 128. Therefore, you would not expect to see the following partial output from the show ip cache flow command for an HTTP connection sent from 10.1.1.36:

SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0080 1

The destination port field would display a value of 01BB if the connection were using TCP port 443; the hexadecimal value 1BB converts to the decimal value 443. HTTP Secure (HTTPS) sends information over TCP port 443. Therefore, you would expect to see the following output from the show ip cache flow command for an HTTPS connection sent from 10.1.1.36:

SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 01BB 1

The destination port field would display a value of 0443 if the connection were using TCP port 1091; the hexadecimal value 443 converts to the decimal value 1091. Therefore, you would not expect to see the following partial output from the show ip cache flow command for an HTTP connection sent from 10.1.1.36:

SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0443 1

The Pr field is used to indicate the IP protocol number and is displayed in hexadecimal. The Pr field is set to a hexadecimal value of 06 for all TCP connections. You would not expect to see a value of 80 or 443 in the protocol field in the output of the show ip cache flow command for an HTTP connection sent from 10.1.1.36.
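The decoding described above can be automated when reviewing flow cache output. The following Python parser is an added example, not part of the original page or of any Cisco tooling. It assumes rows laid out exactly like the ones shown here (Pr as two hex digits, SrcP and DstP as four hex digits), and the names `Flow`, `parse_flows`, `PROTOCOLS` and `SERVICES` are hypothetical.

```python
import re
from typing import NamedTuple

# Small labelling tables (a constructed subset, enough for the rows on this page).
PROTOCOLS = {0x01: "ICMP", 0x06: "TCP", 0x11: "UDP"}
SERVICES = {80: "HTTP", 443: "HTTPS"}

# One flow row: interfaces, IPv4 addresses, Pr (2 hex digits), SrcP/DstP (4 hex digits), Pkts.
ROW = re.compile(
    r"^(\S+)\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\S+)$"
)

class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    protocol: int   # decoded from hex
    src_port: int   # decoded from hex
    dst_port: int   # decoded from hex

    def describe(self) -> str:
        proto = PROTOCOLS.get(self.protocol, f"IP protocol {self.protocol}")
        svc = SERVICES.get(self.dst_port, "unlabelled") if proto == "TCP" else "not TCP"
        return f"{self.src_ip}:{self.src_port} -> {self.dst_ip}:{self.dst_port} {proto} ({svc})"

def parse_flows(text: str) -> list[Flow]:
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # header, blank line, or a row whose fields are not valid hex widths
        _, src_ip, _, dst_ip, pr, sp, dp, _ = m.groups()
        flows.append(Flow(src_ip, dst_ip, int(pr, 16), int(sp, 16), int(dp, 16)))
    return flows

# Rows taken from answer options A-F above.
SAMPLE = """\
SrcIF SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0050 1
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0080 1
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 01BB 1
Et0/0 10.1.1.36 Et1/0 10.2.1.74 06 C486 0443 1
Et0/0 10.1.1.36 Et1/0 10.2.1.74 80 C486 C486 1
Et0/0 10.1.1.36 Et1/0 10.2.1.74 443 C486 C486 1
"""

if __name__ == "__main__":
    for flow in parse_flows(SAMPLE):
        print(flow.describe())
```

Only the first row decodes to TCP port 80. The option E row decodes to IP protocol 128 rather than TCP, and the option F row is rejected because 443 does not fit the two-digit Pr field.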

Reference:
https://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1187159
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

