NetFlow Data

07 Jan 2019
by Dewi

The previous article discussed NetFlow broadly: what NetFlow is, what data can be found in NetFlow, the history of NetFlow and why you have to use NetFlow. To recall, NetFlow is a protocol that helps engineers collect metadata about an IP (Internet Protocol) network on a switch or router. Continuing the NetFlow topic, this article discusses the data found in NetFlow, as mentioned before. The following explains each kind of NetFlow data.

1. Input and output interface numbers

The input and output interfaces provide methods for transferring information between internal storage and external I/O devices. The point is to provide a way to interact with computer hardware.

2. Packet and byte counts

NetFlow data includes packet and byte counts. What does that mean? A packet is a set of data of varying length, while the byte count lets you see the number of bytes that exist.

3. TCP flags and encapsulated protocol (TCP/UDP)

TCP flags show how a network connection behaves during a TCP (Transmission Control Protocol) transfer. They also provide additional information to users, so TCP flags can be used for troubleshooting and for deciding how to handle a certain connection.

What is meant by an encapsulated protocol? Encapsulation can be likened to a data translator. How does it work? Data retrieved from one protocol is translated into another protocol so that the data can be forwarded to the entire network.

4. Source and destination TCP/User Datagram Protocol (UDP) ports

The fourth point means that NetFlow data lets you find out the source and destination TCP/UDP ports. UDP is an alternative communication protocol to TCP, used to build low-latency and loss-tolerating connections between applications on the internet.

5. BGP routing information

BGP, short for Border Gateway Protocol, is a protocol that makes the internet work. It works much like a postal service: when you send data onto the internet, BGP is responsible for choosing a path that is available, fast and efficient so that the data can be processed immediately. The data is a letter, while BGP is the postal service. BGP also allows internet access abroad quickly and efficiently.

6. Source and destination IP address

The source IP is the IP (Internet Protocol) address of the device that sends an IP packet, which is the IP unit of data transfer. The destination IP is the IP address of the device that receives what was sent. In short, the source IP is the sender and the destination IP is the recipient.
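
The six kinds of data listed above, decoded from a raw export packet. This is an added example, not code from the original article; it assumes the NetFlow version 5 export format (24-byte header followed by 48-byte flow records), and the sample packet, IP addresses and AS numbers in it are constructed.

```python
import socket
import struct

# NetFlow v5: 24-byte header, then 48-byte flow records (network byte order).
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
# The record's tcp_flags byte is the OR of the flags seen across the flow.
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, flags, proto, _tos, src_as, dst_as,
         _smask, _dmask) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "input_if": in_if, "output_if": out_if, "packets": pkts, "bytes": octets,
            "tcp_flags": [n for bit, n in TCP_FLAGS if flags & bit] if proto == 6 else [],
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "src_port": sport, "dst_port": dport,
            "src_as": src_as, "dst_as": dst_as, "next_hop": socket.inet_ntoa(nexthop),
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        })
    return flows

def sample_datagram():
    """Constructed export packet with two flows (documentation IPs and ASNs)."""
    a = socket.inet_aton
    header = HEADER.pack(5, 2, 360000, 1546819200, 0, 1, 0, 0, 0)
    syn = RECORD.pack(a("192.0.2.10"), a("198.51.100.20"), a("203.0.113.1"),
                      1, 2, 3, 180, 1000, 2000, 51515, 443, 0x02, 6, 0,
                      64500, 64501, 24, 24)
    dns = RECORD.pack(a("192.0.2.11"), a("198.51.100.53"), a("203.0.113.1"),
                      1, 2, 1, 76, 1500, 1500, 40000, 53, 0, 17, 0,
                      64500, 64501, 24, 24)
    return header + syn + dns

if __name__ == "__main__":
    print(*parse_v5(sample_datagram()), sep="\n")
```

In the first constructed flow the only flag ever seen is SYN across three packets, which is the kind of record the troubleshooting use of TCP flags relies on: the connection was attempted but never acknowledged.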
