Research Article
Detecting Web-Based Botnets Using Bot Communication Traffic Features
Table 1
Fields of a NetFlow V5 record.
| Content | Bytes offset | Description |
| srcaddr | 0–3 | Source IP address | dstaddr | 4–7 | Destination IP address | dPkts | 16–19 | Packets in the flow | srcport | 32-33 | Source port number | dstport | 34-35 | Destination port number | prot | 38 | Protocol (6 = TCP, 17 = UDP) |
|
|