sFlow
sFlow (Sampled Flow) is a network monitoring protocol designed for high-speed networks. Unlike NetFlow and IPFIX, which capture complete flow records, sFlow uses packet sampling to provide scalable and efficient traffic analysis. It operates by embedding monitoring agents in network devices that randomly sample packets and send them to a central collector for analysis.
Field | Description |
---|---|
sampleSequenceNumber | Unique identifier for the sampled packet |
sourceIP | Source IP address |
destinationIP | Destination IP address |
sourcePort | Source port number |
destinationPort | Destination port number |
protocol | Transport protocol (TCP, UDP, etc.) |
sampledPacketSize | Size of the sampled packet in bytes |
inputInterface | Interface where the packet was received |
outputInterface | Interface where the packet was forwarded |
vlanID | VLAN identifier of the packet |
tcpFlags | TCP control flags |
flowSampleType | Type of sampling (e.g., packet, counter) |
samplingRate | Ratio of sampled packets to total packets |
agentAddress | IP address of the device performing sampling |
collectorAddress | IP address of the sFlow collector |
sFlow's lightweight sampling approach makes it ideal for real-time traffic monitoring in large-scale, high-speed networks.
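Because a collector only sees sampled packets, every volume figure it reports is an estimate scaled up by the sampling rate. The following is an added example, not part of the original page or of any sFlow implementation: it aggregates records keyed by the field names in the table above, scales them to estimated totals per source, and attaches the standard packet-sampling error bound (about 196 × √(1/c) percent at 95% confidence for c samples). It assumes `samplingRate` holds N in "1-in-N"; the records, addresses and function names are constructed for illustration.

```python
import math
from collections import defaultdict

def _rec(src, size, rate):
    # Constructed sample record (not real traffic); keys follow the field table.
    return {"agentAddress": "192.0.2.1", "sourceIP": src,
            "destinationIP": "198.51.100.7", "protocol": "TCP",
            "destinationPort": 443, "sampledPacketSize": size,
            "samplingRate": rate}

# Assumption: samplingRate holds N, meaning 1 packet in N was sampled.
SAMPLES = ([_rec("10.0.0.5", 1500, 1000)] * 16
           + [_rec("10.0.0.7", 100, 500)] * 25
           + [_rec("10.0.0.9", 64, 1000)]
           + [_rec("10.0.0.9", 64, 0)])  # malformed rate, must be skipped

def estimate_by_source(samples):
    """Scale sampled records up to estimated totals per sourceIP."""
    acc = defaultdict(lambda: {"samples": 0, "est_packets": 0, "est_bytes": 0})
    for s in samples:
        n = s.get("samplingRate", 0)
        if not isinstance(n, int) or n < 1:
            continue  # a zero or missing rate cannot be scaled; drop the record
        row = acc[s["sourceIP"]]
        row["samples"] += 1
        row["est_packets"] += n  # each sample stands for N packets
        row["est_bytes"] += n * s["sampledPacketSize"]
    for row in acc.values():
        # Approximate 95% bound on the relative error of the packet estimate.
        row["pct_error"] = 196.0 * math.sqrt(1.0 / row["samples"])
    return dict(acc)

def top_talkers(samples, max_pct_error=50.0):
    """Rank sources by estimated bytes, keeping only estimates tight enough to act on."""
    est = estimate_by_source(samples)
    kept = [(ip, r) for ip, r in est.items() if r["pct_error"] <= max_pct_error]
    return sorted(kept, key=lambda kv: kv[1]["est_bytes"], reverse=True)

if __name__ == "__main__":
    for ip, r in top_talkers(SAMPLES):
        print(f"{ip} ~{r['est_bytes']} bytes, ~{r['est_packets']} pkts, "
              f"+/-{r['pct_error']:.1f}%")
```

A source seen in a single sample carries an error bound near 196%, so it is excluded from the ranking rather than reported as a confident figure.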