NetFlow Version 5 Template Header and Data Field Support provides a listing and description for the NetFlow Version 5 header fields. NetFlow Version 5 Data Record Field Format provides a listing and description for NetFlow Version 5 data record fields. The contents of these data fields are used by the collector software application for flow analysis. Data fields are identified in the data record packet sent by the network switch to the collector. The data records contain the values specified by the format.
NetFlow Version 5 Template Header and Data Field Support
| NetFlow Version 5 Header | |
| Data Field | Field Contains |
| count | Number of flows exported in this packet (1-30). |
| sys_uptime | Current time in milliseconds since the export device booted. |
| unix_secs | Current count of seconds since 0000 UTC 1970. |
| unix_nsecs | Residual nanoseconds since 0000 UTC 1970. |
| flow_sequence | Sequence counter of total flows seen. |
| engine_type | Type of flow-switching engine. |
| engine_id | Slot number of the flow-switching engine. |
| sampling_interval | First two bits hold the sampling mode; remaining 14 bits hold value of sampling interval. |
| count | Number of flows exported in this packet (1-30). |
NetFlow Version 5 Data Record Field Format
| NetFlow Version 5 Data Record Format | |
|---|---|
| Data Field | Field Contains |
| srcaddr | Source IP address of the device that transmitted the packet. |
| dstaddr | IP address of the destination of the packet. |
| nexthop | IP address of the next hop router. |
| input | SNMP index of input interface. |
| output | SNMP index of output interface. |
| dPkts | Number of packets in the flow. |
| dOctets | Total number of Layer 3 bytes in the packets of the flow. |
| first | SysUptime at start of flow. |
| last | SysUptime at the time the last packet of the flow was received. |
| srcport | TCP/UDP source port number or equivalent. |
| dstport | TCP/UDP destination port number or equivalent. |
| pad1 | Unused (zero) bytes. |
| tcp_flags | Cumulative OR of TCP flags. |
| prot | IP protocol type (for example, TCP = 6; UDP = 17). |
| tos | IP type of service (ToS). |
| src_as | Autonomous system number of the source, either origin or peer. |
| dst_as | Autonomous system number of the destination, either origin or peer. |
| src_mask | Source address prefix mask bits. |
| dst_mask | Destination address prefix mask bits. |
| pad2 | Unused (zero) bytes. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB