=== Records ===
A NetFlow record can contain a wide variety of information about the traffic in a given flow.

NetFlow version 5 (one of the most commonly used versions, followed by version 9) contains the following:
*Input interface index used by [[Simple Network Management Protocol|SNMP]] (ifIndex in IF-MIB).
*Output interface index or zero if the packet is dropped.
*Timestamps for the flow start and finish time, in milliseconds since the last boot.
*Number of bytes and packets observed in the flow
*[[Network Layer|Layer 3]] headers:
**Source & destination IP addresses
**[[Internet Control Message Protocol|ICMP]] Type and Code.
**IP protocol
**[[Type of Service]] (ToS) value
*Source and destination port numbers for TCP, UDP, SCTP
*For TCP flows, the union of all TCP flags observed over the life of the flow.
*Layer 3 [[Routing]] information:
**IP address of the immediate next-hop (not the BGP nexthop) along the route to the destination
**Source & destination IP masks (prefix lengths in the [[Classless Inter-Domain Routing|CIDR]] notation)

For [[Internet Control Message Protocol|ICMP]] flows, the Source Port is zero, and the Destination Port number field codes ICMP message Type and Code (port = ICMP-Type * 256 + ICMP-Code) {{Citation needed|date=October 2022}}.

The source and destination [[autonomous system (Internet)|Autonomous System]] (AS) number fields can report the destination AS (last AS of AS-Path) or the immediate neighbor AS (first AS of AS-Path) depending on the router configuration. But the AS number will be zero if the feature is not supported, the route is unknown or not announced by BGP, or the AS is the local AS. There is no explicit way to distinguish between these cases.
NetFlow version 9 can include all of these fields and can optionally include additional information such as [[Multiprotocol Label Switching]] (MPLS) labels and [[IPv6]] addresses and ports.

By analyzing flow data, a picture of traffic flow and traffic volume in a network can be built.

The NetFlow record format has evolved over time, hence the inclusion of version numbers. Cisco maintains details of the different version numbers and the layout of the packets for each version.
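
The version 5 fields listed above can be decoded as follows. This is an added example, not part of the article or of any Cisco code; it applies the ICMP port encoding and the ambiguous zero AS number as the section describes them. The 24-byte header and 48-byte record layout follow Cisco's published version 5 export format; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")  # 24 bytes: version, count, uptime, ...
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48 bytes per flow
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def parse_v5(datagram):
    """Decode one v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("header count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last,
         sport, dport, flags, proto, tos, src_as, dst_as, src_mask, dst_mask) = f
        flow = {
            "src": str(ipaddress.IPv4Address(src)), "src_mask": src_mask,
            "dst": str(ipaddress.IPv4Address(dst)), "dst_mask": dst_mask,
            "nexthop": str(ipaddress.IPv4Address(nexthop)),
            "input_if": in_if, "output_if": out_if, "dropped": out_if == 0,
            "packets": pkts, "bytes": octets, "proto": proto, "tos": tos,
            # first/last are milliseconds since boot; the 32-bit counter can wrap
            "duration_ms": (last - first) & 0xFFFFFFFF,
            # 0 is ambiguous: unsupported, unknown route, or local AS
            "src_as": src_as or None, "dst_as": dst_as or None,
        }
        if proto == 1:    # ICMP: dport = type * 256 + code, sport is zero
            flow["icmp_type"], flow["icmp_code"] = divmod(dport, 256)
        else:
            flow["sport"], flow["dport"] = sport, dport
        if proto == 6:    # TCP: union of flags seen over the flow's life
            flow["tcp_flags"] = [n for b, n in enumerate(TCP_FLAGS) if flags >> b & 1]
        flows.append(flow)
    return flows

def sample_datagram():
    """Constructed sample: one SYN-only TCP flow and one ICMP echo request."""
    addr = lambda s: ipaddress.IPv4Address(s).packed
    header = HEADER.pack(5, 2, 100000, 1700000000, 0, 1, 0, 0, 0)
    tcp = RECORD.pack(addr("192.0.2.10"), addr("198.51.100.7"), addr("0.0.0.0"),
                      3, 0, 1, 40, 90000, 90000, 51000, 443, 0x02, 6, 0, 0, 0, 24, 0)
    icmp = RECORD.pack(addr("192.0.2.10"), addr("203.0.113.5"), addr("192.0.2.1"),
                       3, 4, 4, 336, 91000, 94000, 0, 2048, 0, 1, 0, 0, 64500, 24, 24)
    return header + tcp + icmp
```

Because the flags field is a union over the whole flow, a TCP record showing only SYN with an output interface of zero is a connection attempt that the exporter dropped and that never progressed, which is a common starting point for scan detection on flow data.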