Filter
Top Products
56-3
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 56 Configuring NetFlow
About NetFlow Statistics Collection
Information Derived from Hardware
Information available in a typical NetFlow record from hardware includes the following:
• Packet and byte counts
• Start and end timestamps
Table 56-2 NDE Version 5 Flow Record Format
Bytes Content Description
Flow masks:
• X=Populated
• A=Additional field
Source
Destination
Destination
Source
Destination
Source
Interface
Full
Full
Interface
0–3 srcaddr Source IP address
X XXXX
4–7 dstaddr Destination IP address
XXXXX
8–11 nexthop Next hop switch’s IP address
A
1
1. With the destination flow mask, the “Next hop switch’s IP address” field and the “Output interface’s SNMP ifIndex” field might not contain information
that is accurate for all flows.
AAAA
12–13 input Ingress interface SNMP ifIndex
XX
14–15 output Egress interface SNMP ifIndex
A
1
AAAA
16–19 dPkts Packets in the flow
XXXXXX
20–23 dOctets Octets (bytes) in the flow
XXXXXX
24–27 first SysUptime at start of the flow
XXXXXX
28–31 last SysUptime at the time the
last packet of the flow was received
XXXXXX
32–33 srcport Layer 4 source port number or equivalent
X
2
2. In PFC3BXL or PFC3B mode, ICMP traffic contains the ICMP code and type values.
X
2
34–35 dstport Layer 4 destination port number or equivalent
XX
36 pad1 Unused (zero) byte
37 tcp_flags Cumulative OR of TCP flags
38 prot Layer 4 protocol
(for example, 6=TCP, 17=UDP)
XX
39 tos IP type-of-service byte
40–41 src_as Autonomous system number of the source,
either origin or peer
X XXXX
42–43 dst_as Autonomous system number of the
destination, either origin or peer
XXXXX
44–45 src_mask Source address prefix mask bits
X XXXX
46–47 dst_mask Destination address prefix mask bits
XXXXX
48 pad2 Pad 2 is unused (zero) bytes