NetFlow v9

Unanswered Question
Nov 13th, 2007


I am trying to use NetFlow v9 to analyze traffic between two servers. Where are the source and destination ip addresses stored in the v9 packets ?

Is this information part of the template or the flow record ?

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paitken Tue, 11/27/2007 - 04:10

Netflow v9 (and IPFIX) are different from the previous netflow export formats, in that they're template based.

So the data records are no longer in a fixed format - which is which prevented previous formats (eg, v5) from being extensible.

Now the templates tell you which fields are available in the data records, and what the size of each field is. From this, you can work out where each field can be found.

So you have to parse each template before you begin to look at the data..


This Discussion