NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. By analyzing flow data, a picture of network traffic flow and volume can be built. Using a NetFlow collector and analyzer, you can see where network traffic is coming from and going to and how much traffic is being generated.
As a general monitoring setup typical flow monitoring setup (using NetFlow) consists of three main components –
- Flow exporter: aggregates packets into flows and exports flow records towards one or more flow collectors.
- Flow collector: responsible for reception, storage and pre-processing of flow data received from a flow exporter.
- Analysis application: analyzes received flow data in the context of intrusion detection or traffic profiling, for example.
Typical flow analysis information found in a NetFlow data record includes :
- Source and destination IP address
- Source and destination TCP/ UDP ports
- Type of service
- Packet and byte counts
- Timestamps
- Interface numbers
- TCP flags and encapsulated protocol (TCP/UDP)
- Routing information
- next-hop address
- source autonomous system (AS) number
- Destination AS number
- Source prefix mask
- Destination prefix mask
Netflow Versions over time –
Reference –
https://en.wikipedia.org/wiki/NetFlow
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
