Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
3
Replies

NetFlow v9

anandmirasdar
Level 1
Level 1

‎11-13-2007 04:39 AM

Hi,

I am trying to use NetFlow v9 to analyze traffic between two servers. Where are the source and destination ip addresses stored in the v9 packets ?

Is this information part of the template or the flow record ?

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

Jan Nejman
Level 3
Level 3

‎11-13-2007 09:23 AM

Hello,

IP addresses are part of flow record. But you need also parse a template. In the template you will find a structure of flow record... See http://netflow.caligare.com/netflow_v9.htm for more information about NetFlow version 9.

Kind regards,

Jan Nejman

Caligare, Co.

http://www.caligare.com/

0 Helpful

paitken
Level 1
Level 1
In response to Jan Nejman

‎11-27-2007 04:10 AM

Netflow v9 (and IPFIX) are different from the previous netflow export formats, in that they're template based.

So the data records are no longer in a fixed format - which is which prevented previous formats (eg, v5) from being extensible.

Now the templates tell you which fields are available in the data records, and what the size of each field is. From this, you can work out where each field can be found.

So you have to parse each template before you begin to look at the data..

0 Helpful
Customers Also Viewed These Support Documents