NetFlow

Description Glossary RFCs Publications Obsolete RFCs

Description:

Protocol suite: TCP/IP.
Type:Application layer protocol.
Port:dynamic (UDP).
MIME subtype:
SNMP MIBs:
Working groups: ipfix, IP Flow Information Export.
Links:

MAC header IP header UDP header NetFlow header Data :::

NetFlow header:

0001020304050607 0809101112131415 1617181920212223 2425262728293031
Version Count
Uptime
Timestamp
Sequence number
Source ID
Data :::

Version. 16 bits.
Protocol version.

Count. 16 bits, unsigned.
The sum total of the Options FlowSet records, Template FlowSet records, and Data FlowSet records in the Export Packet.

Uptime. 32 bits, unsigned.
The time in milliseconds since this device was first booted.

Timestamp. 32 bits, unsigned.
Time in seconds since 0000 UTC 1970 at which the Export Packet leaves the Exporter.

Sequence number. 32 bits, unsigned.
Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter. This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed.

Source ID. 32 bits, unsigned.
Identifies the Exporter Observation Domain. NetFlow Collectors SHOULD use the combination of the source IP address and the Source ID field to separate different export streams originating from the same Exporter.

Data. Variable length.


Glossary:


RFCs:

[RFC 3954] Cisco Systems NetFlow Services Export Version 9.

[RFC 3955] Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX).


Publications:


Obsolete RFCs:


Description Glossary RFCs Publications Obsolete RFCs