NetFlows

Cisco Systems' NetFlow services provide network administrators with access to IP flow information from their data networks. Network elements (routers and switches) gather flow data and export it to collectors. The collected data provides fine-grained metering for highly flexible and detailed resource usage accounting.

A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device. These collected flows are exported to an external device, the NetFlow collector. Network flows are highly granular; for example, flow records include details such as IP addresses, packet and byte counts, timestamps, Type of Service (ToS), application ports, input and output interfaces, etc.

Exported !NetFlow data is used for a variety of purposes, including enterprise accounting and departmental chargebacks, ISP billing, data warehousing, network monitoring, capacity planning, application monitoring and profiling, user monitoring and profiling, security analysis, and data mining for marketing purposes.

References

RFC 3954 - Cisco Systems Net``Flow Services Export Version 9
NetFlow FlowCollector Installation and User Guide
- This is a core reference document defining how Cisco, the creator of NetFlows, implements the technology. %BR%
Appendix B: NetFlows Export Datagram Format Direct link to the appendix with the NetFlow datagram format by version.

Table of Contents

NetFlows
1. References