Network Traffic Analysis using ElastiFlow

Introduction (NetFlow, IPFIX, sFlow)

Network monitoring is a systematic effort to monitor parameters of a computer network in order to detect issues that degrade network performance. Network traffic analysis is used to deduce information from patterns collected during network monitoring. Packet analysis and flow analysis are two technologies that we can choose from when we perform traffic analysis on the network.

Packet analysis uses packet capturing technologies such as SPAN, RSPAN and ERSPAN to get raw copies of traffic. It is suitable for in-depth analysis of a specific conversation, as the full packet header along with the payload is collected. In contrast to packet analysis, flow analysis is about collecting metadata from network traffic, used for statistical purposes (e.g. top talkers, traffic by protocol, bandwidth usage, etc.).

A flow is a sequence of packets sharing the same properties that are sent between a sending and a receiving host. For instance, when we watch live streaming video, packets sent from the server to the PC create a flow, as they are part of the same conversation.

NetFlow is a Cisco proprietary network protocol used for flow analysis. NetFlow collects and aggregates information about network traffic flowing through a device with the NetFlow feature enabled. The output of NetFlow is flow records, which are sent to a centralized place in the network (the flow collector) as NetFlow messages.

Flow statistics collected by the NetFlow protocol are typically used for:

- network threat detection (DoS attacks) and forensic analysis.
- investigation of network problems that cause congestion and slowness of applications.

What are the NetFlow Infrastructure Elements?
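To make the introduction's description of flows concrete, the following added example (not code from the original article or from NetFlow/ElastiFlow) aggregates packet metadata into flow records and derives the top talkers and per-protocol byte counts mentioned above. The packet list is constructed sample data, and using the 5-tuple as the "same properties" key is an assumption of this sketch.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample packet metadata (not captured traffic); payload is never stored.
# Fields: (timestamp_s, src_ip, dst_ip, protocol, src_port, dst_port, size_bytes)
PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 1500),
    (0.02, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 1500),
    (0.05, "192.0.2.10", "10.0.0.5", "tcp", 443, 51000, 60),
    (0.10, "10.0.0.7", "198.51.100.53", "udp", 40000, 53, 80),
    (0.11, "198.51.100.53", "10.0.0.7", "udp", 53, 40000, 200),
    (0.40, "10.0.0.5", "192.0.2.10", "tcp", 51000, 443, 1000),
]

@dataclass
class FlowRecord:
    packets: int = 0
    octets: int = 0
    first_seen: float = 0.0
    last_seen: float = 0.0

def aggregate(packets):
    """Group packets into unidirectional flows keyed by the 5-tuple (assumed key)."""
    flows = {}
    for ts, src, dst, proto, sport, dport, size in packets:
        key = (src, dst, proto, sport, dport)
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = FlowRecord(first_seen=ts)
        rec.packets += 1
        rec.octets += size
        rec.last_seen = ts
    return flows

def top_talkers(flows, n=3):
    """Rank source addresses by total bytes sent across all of their flows."""
    totals = defaultdict(int)
    for (src, *_), rec in flows.items():
        totals[src] += rec.octets
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def bytes_by_protocol(flows):
    """Sum flow byte counts per protocol."""
    totals = defaultdict(int)
    for (_, _, proto, _, _), rec in flows.items():
        totals[proto] += rec.octets
    return dict(totals)

if __name__ == "__main__":
    f = aggregate(PACKETS)
    print(top_talkers(f), bytes_by_protocol(f))
```

Six packets collapse into four flow records, which is why a collector can retain flow data far longer than raw packet captures.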