NetFlow Traffic Analysis

Use IPFIX (vendor-agnostic) for new deployments.

Report prepared by: [Your Name/Team]

For questions or a hands-on workshop: contact the Network Observability Team.

NetFlow v9 and IPFIX are template-based and can include additional fields (TCP flags, AS numbers, MPLS labels, etc.).

3. Deployment Architecture

A standard NetFlow analysis stack consists of three components:

| Field | Description | Example |
|-------|-------------|---------|
| Source IP | Where traffic originates | 192.168.1.100 |
| Destination IP | Target of communication | 8.8.8.8 |
| Source Port | Application on source | 54322 (ephemeral) |
| Destination Port | Service on destination | 443 (HTTPS) |
| Protocol | Layer 4 protocol | TCP (6), UDP (17) |
| Packets & Bytes | Volume of transfer | 1,200 packets / 1.4 MB |
| Timestamps (Start/End) | Flow duration | 14:32:10.100 – 14:32:10.950 |
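Because IPFIX is template-based, a collector can decode a data set only after it has seen the matching template. The following added example (not code from the original report) parses a constructed IPFIX message carrying the flow from the table above. The names `parse_ipfix` and `sample_message` are hypothetical, 1.4 MB is assumed to be 1,400,000 bytes, and only fixed-length IANA fields are handled.

```python
import ipaddress
import struct

# IANA IPFIX information element IDs for the flow fields in the table above
IE_NAMES = {1: "octetDeltaCount", 2: "packetDeltaCount", 4: "protocolIdentifier",
            7: "sourceTransportPort", 8: "sourceIPv4Address",
            11: "destinationTransportPort", 12: "destinationIPv4Address"}

def parse_ipfix(msg, templates):
    """Decode one message; `templates` (ID -> fields) must persist across calls."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("not a well-formed IPFIX message")
    flows, skipped, off = [], 0, 16
    while off + 4 <= len(msg):
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > len(msg):
            raise ValueError("set length runs past the message")
        body, off, pos = msg[off + 4:off + set_len], off + set_len, 0
        if set_id == 2:                      # template set: learn record layouts
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, pos)
                if tid < 256:                # set padding, not a template record
                    break
                spec = struct.unpack_from("!%dH" % (2 * count), body, pos + 4)
                if any(ie & 0x8000 for ie in spec[0::2]) or 0xFFFF in spec[1::2]:
                    raise ValueError("enterprise/variable-length fields not handled")
                templates[tid] = list(zip(spec[0::2], spec[1::2]))
                pos += 4 + 4 * count
        elif set_id >= 256:                  # data set: needs the matching template
            fields = templates.get(set_id, [])
            rec_len = sum(n for _, n in fields)
            if rec_len == 0:                 # unknown, withdrawn or empty template
                skipped += 1
            while rec_len and pos + rec_len <= len(body):
                rec = {}
                for ie, n in fields:
                    raw, pos = body[pos:pos + n], pos + n
                    rec[IE_NAMES.get(ie, ie)] = (str(ipaddress.IPv4Address(raw))
                        if ie in (8, 12) else int.from_bytes(raw, "big"))
                flows.append(rec)
    return flows, skipped

def sample_message(with_template):
    """Constructed sample: template 256 (7 fields as IE, length) plus one record."""
    tmpl = struct.pack("!16H", 256, 7, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1, 2, 8, 1, 8)
    data = bytes([192, 168, 1, 100, 8, 8, 8, 8]) + struct.pack("!HHBQQ", 54322, 443, 6, 1200, 1_400_000)
    tset = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl if with_template else b""
    sets = tset + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 0, 0, 1) + sets
```

A non-zero second return value means flow records were received but could not be decoded, which is worth alerting on because those flows are invisible to any downstream analysis.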