Talk:NetFlow

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing: Networking Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by Networking task force (assessed as Mid-importance).

I've put back the section about NetFlow probes. I am not sure about that the NetFlow was designed to eliminate probes. Maybe it is true, but using probes is sometimes necessary as cisco devices are not designed for purpose of exporting NetFlow, it is only side effect. I am working as an network security consultant and did dozens of measurements for billing or security purposes and many times I face problems connecting with NetFlow generation done on the Cisco devices. On saturated networks, it is often impossible to enable it as the device utilizition jump to 100% (and netflow data are HARDLY sampled). Try to activate such feature on vital router in bank or ISP network. The system admin will shoot you:) —Preceding unsigned comment added by 89.102.12.150 (talk) 12:20, 2 January 2009 (UTC)[reply]

a quote said that v5 was most common "next to" v9 meaning that v9 was more common, but the table on the page says v5 is most common and I would tend to agree

What the heck does "open but proprietary" even *mean*? Those two words are antonyms in a software context. I suggest either an explanation of what is meant or a revision. (I lean towards revision).

Directories of software in articles of this nature is outside WP:EL guidelines. I've removed the list and suggest that if anyone feels there is a burning need for an external link to a specific piece of software, raise it in this talk page first to allow others to comment, else you may be reverted. -- Moondyne 13:09, 18 October 2006 (UTC)[reply]

If software links are to be removed, they should be removed from the "see also" section too. i.e. Calgiare Flow Inspector, PRTG and MRTG. MRTG doesn't even use netflow? Or is there something I'm missing here? Pleamon 17:25, 9 February 2007 (UTC)[reply]

I delete individual software links as people add them, but let's keep the external link "List of software related to flow accounting" to switch.ch 28 Oct 2008 —Preceding unsigned comment added by 69.11.249.54 (talk) 00:53, 29 October 2008 (UTC)[reply]

In section Netflow Record, it is said that the record contains L3 headers and a list of the items contained in that header is given:

1. Layer 3 headers:

   * Source & destination IP addresses
   * Source and destination port numbers
   * IP protocol
   * Type of Service (ToS) value

src and dst ports are NOT part of l3 header but l4 header. this brings to the paragraph which is just above which says :In the case of NetFlow, Cisco uses the common 5-tuple definition, where a flow is defined as a unidirectional sequence of packets all sharing all of the following 5 values:

  1. Source IP address
  2. Destination IP address
  3. Source TCP port
  4. Destination TCP port
  5. IP protocol

I'm not very familiar with netflow but if src and dst ports are part of what defines a flow, does this mean that netflow supports only ip protocols 6 and 17 (tcp and udp) because the other ones (ex. gre, esp,ip-in-ip etc) DO NOT have port numbers and thus do not qualify to form a tuple.Strangeusername 08:01, 23 August 2007 (UTC)[reply]

To clarify the availability of NetFlow technology, it should be stated that it is only available on the routers and modular switches within Cisco product line (NetFlow Availability). Some of the other products also includes necessary command set but not effective and this confuse the community. MustafaAksu 20:01, 12 September 2007 (UTC)[reply]

hi, Mustafa !

that no longer is correct. for GNU/Linux machines there's a plugin for ntop named nProbe that can generate netflow streams of data.

not to mention, of course, the many visualizer available there.

all the best,

--Hgfernan (talk) 21:53, 22 December 2008 (UTC)[reply]

Section on protocol description for Juniper, Huawei and Alcatel is completely wrong and unprofessional. My old section was correct. cflowd is NOT PROTOCOL, it is netflow (and compatible) collector. Netflow and competitive/compatible protocols are NetFlow, Jflow, Sflow and NetStream.

Juniper (maybe others) could collect netflow-like information in the router with the help of software. But since it is not ASIC-bound process, it is VERY ineffective and reduces throughput a lot.

Please, correct the section.

89.178.147.63 (talk) 13:26, 2 February 2009 (UTC) thebiggestmac[reply]

Quality of the article is rapidly falling. CFlowd is not a protocol. What the f is the first sentence saying about proprietary and FreeBSD (which used Linux-derived implementations)? In second paragraph we talk about different platforms, so remove it.

May be, we need synthetic article covering common features of all NF-compatible protocols, especially IPFIX.

Should say some words about nTop/nProbe somewhere, since it is essential software for open world.

Thebiggestmac (talk) 19:48, 16 April 2009 (UTC)[reply]

I initiated a table that list routers and switches that support Netflow, mostly those that I tested and used at work. AFAIK I only put publicly available information, but it will take some time to find all the references. I would like to indicate how Netflow actually behaves on some of these equipment, but unfortunately this is not public knownledge as of 2012. I also added Enterasys and vmware because they were mentioned in previous version of the article, and I found references docs for Netflow. Also I fixed many other parts of the Netflow article, but there is still much room for improvement. User:skewell March 2012. —Preceding undated comment added 16:15, 4 March 2012 (UTC).[reply]

I wish to dispute this claim. The section very succinctly answered my question of "Which version of Netflow supports IPv6" —Preceding unsigned comment added by 216.239.45.4 (talk) 22:47, 1 March 2011 (UTC)[reply]

• Agreed. It was a bot edit. Reverted. Lahnfeear (talk) 15:17, 2 March 2011 (UTC)[reply]

I noticed someone went through and edited all occurences of "NetFlow" and changed them to "Netflow." The proper spelling of the term does in fact use a capital "F" (http://www.cisco.com/web/go/netflow) and these should be changed back. Lahnfeear (talk) 16:06, 4 March 2012 (UTC)[reply]