NetFlow v5 Record Format
The following fields are recorded in the NetFlow-5 record type:
| Name | Description | Offset | Field Length |
|---|---|---|---|
| Source IPaddr | IP address of the device that sent the flow | 0 | 4 |
| Destination IPaddr | IP address of the destination device | 4 | 4 |
| Next hop router IP address | n/a | 8 | 4 |
| Inbound snmpIFindex | SNMP index number that identifies the Inbound interface on the Packeteer unit: 1 Inside (built-in) | 12 | 2 |
| Outbound snmpIFindex | SNMP index number that identifies the Outbound interface on the Packeteer unit: 1 Inside (built-in) | 14 | 2 |
| Packet Count | Number of packets in the flow | 16 | 4 |
| Byte Count | Total number of bytes in the flow | 20 | 4 |
| Time at Start of Flow | Value of SysUpTime when the first packet in the flow was seen (measured in milliseconds) | 24 | 4 |
| Time at End of Flow | Value of SysUpTime when the last packet in the flow was seen (measured in milliseconds) | 28 | 4 |
| Source Port | Port number of the device that the flow went out of | 32 | 2 |
| Destination Port | Port number of the device that the flow went to | 34 | 2 |
| One pad byte | n/a | 36 | 1 |
| TCP flags | Protocol state (URG=32, ACK=16, PSH=8, RST=4, SYN=2, FIN=1). For example, a value of 27 indicates the flow had a SYN, ACK, PUSH, and FIN (2+16+8+1=27). | 37 | 1 |
| Layer 4 Protocol | Type of layer 4 protocol. For example, ICMP=1, TCP=6, Telnet=14, UDP=17 | 38 | 1 |
| IP Type of Service (ToS) / Diffserv | Value that designates special handling of traffic (precedence, delay, throughput, and reliability) | 39 | 1 |
| Source Autonomous Sys ID | n/a | 40 | 2 |
| Dest. Autonomous Sys ID | n/a | 42 | 2 |
| Source Mask Bits Count | n/a | 44 | 1 |
| Destination Mask Bits Count | n/a | 45 | 1 |
| Two Pad Bytes | n/a | 46 | 2 |
Certain fields (those marked with n/a in the Description column above) are applicable to routers, but not Packeteer units. These fields will always have a value of zero (0) in the NetFlow v5 records from Packeteer.
from:http://support.packeteer.com/documentation/packetguide/7.2.0/info/netflow5-records.htm
扫一扫
1080
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
