NetFlow
A network protocol developed by Cisco for collecting, analyzing, and monitoring network traffic. It captures metadata about IP traffic flows, providing insights into bandwidth usage, security threats, and network performance. NetFlow records include key details such as source and destination IPs, ports, protocol types, and timestamps.
| Field | Description |
|---|---|
| SrcAddr | Source IP address |
| DstAddr | Destination IP address |
| SrcPort | Source port number |
| DstPort | Destination port number |
| Protocol | Transport protocol (TCP, UDP, etc.) |
| Packets | Number of packets in the flow |
| Bytes | Total bytes transferred |
| StartTime | Timestamp of the first packet in the flow |
| EndTime | Timestamp of the last packet in the flow |
| SrcAS | Source Autonomous System (AS) number |
| DstAS | Destination Autonomous System (AS) number |
| TCPFlags | TCP control flags for the flow |
| ToS | Type of Service (QoS marking) |
| NextHop | IP address of the next hop router |
| FlowDuration | Duration of the flow in milliseconds |
This is a general overview; the actual fields may vary depending on the NetFlow version and the exporter implementation.
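
As an added example (not part of the original entry), the sketch below decodes a NetFlow version 5 export datagram into the field names used in the table. It goes beyond the overview by assuming the fixed v5 layout (24-byte header, 48-byte records); the function names and the sample datagram, which uses documentation address ranges, are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 wire layout: a 24-byte header, then `count` fixed 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")

def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one v5 export datagram into dicts keyed by the table's field names."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, uptime_ms, unix_secs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # Export datagrams arrive over UDP from the network: never trust `count`.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    # First/Last are exporter sysUptime values (ms); anchor them to wall-clock
    # time using the header (nanosecond remainder ignored for brevity).
    boot_ms = unix_secs * 1000 - uptime_ms
    flows = []
    for i in range(count):
        (src, dst, hop, _in_if, _out_if, pkts, octets, first, last, sport, dport,
         flags, proto, tos, src_as, dst_as, _smask, _dmask) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "SrcAddr": socket.inet_ntoa(src), "DstAddr": socket.inet_ntoa(dst),
            "SrcPort": sport, "DstPort": dport, "Protocol": proto,
            "Packets": pkts, "Bytes": octets,
            "StartTime": boot_ms + first, "EndTime": boot_ms + last,
            "SrcAS": src_as, "DstAS": dst_as, "TCPFlags": flags, "ToS": tos,
            "NextHop": socket.inet_ntoa(hop),
            "FlowDuration": (last - first) & 0xFFFFFFFF,  # tolerate uptime wrap
        })
    return flows

def sample_datagram() -> bytes:
    """Constructed sample: one TCP flow with only SYN set (TCPFlags=0x02)."""
    header = HEADER.pack(5, 1, 100_000, 1_700_000_000, 0, 0, 0, 0, 0)
    record = RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
        socket.inet_aton("192.0.2.1"), 1, 2, 3, 180, 90_000, 90_500,
        51000, 443, 0x02, 6, 0, 64500, 64501, 24, 24)
    return header + record

if __name__ == "__main__":
    for flow in parse_netflow_v5(sample_datagram()):
        print(flow)
```

StartTime and EndTime are returned here as epoch milliseconds; other NetFlow versions carry different fields and need a different decoder.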