Research Article
Detecting Web-Based Botnets Using Bot Communication Traffic Features
Table 1
Fields of a NetFlow V5 record.
| | Content | Bytes offset | Description |
| | srcaddr | 0–3 | Source IP address | | dstaddr | 4–7 | Destination IP address | | dPkts | 16–19 | Packets in the flow | | srcport | 32-33 | Source port number | | dstport | 34-35 | Destination port number | | prot | 38 | Protocol (6 = TCP, 17 = UDP) |
|
|
