What ports are used by NFA Flow Cloner
search cancel

What ports are used by NFA Flow Cloner


Article ID: 220187


Updated On:


CA Network Flow Analysis (NetQos / NFA)


NFA Flow Cloner is able to send netflow packets to another flow receiver.  This can be another NFA environment or a third party netflow collector.

Where and how are the settings configured?


Release : 20.2



  1. Log in to the Flow Cloner installation server as a user who has administrator privileges.
  2. Open the following file in a text editor: install_path\Netflow\FlowCloner\flowclonedef.ini  The .ini file has a header line followed by a line for each host that will receive packets.
  3. Customize the header line:
    The header content must be contained in the first non-commented and non-blank single line in the file.
    1. To use the default value for the input NIC, replace the entire header line with the following token:

      /use defaults

      You can follow the /use defaults token with a comment, as shown in the following example:

      /use defaults ; use first available NIC and port 9995 to listen and send flows on the first available NIC

      The program uses the first available NIC. The hosts listen for the original flows and cloned flows on port UDP 9995. The /use defaults token takes effect only if the header does not contain any other tokens.
    2. (Optional) To specify the listening port, enter the /port= token, followed by the port number. The Harvester that receives the original flows listens on UDP 9995 unless you use the /port token to specify a different port.
      Default: UDP 9995
    3. (Optional) To specify the destination port, enter the /dest port= token, followed by the port number. The hosts that receive the cloned flows listen on UDP 9995 unless you use the /dest port token to specify a different port. All of the hosts listen for the cloned flows on the same port.
      Default: UDP 9995
    4. (Optional) To specify the Input NIC, enter the /listen ip= token, followed by the IP address for the NIC on which the Flow Cloner listens for packets.
      Default: First functional IP address of the host

  4. Specify one or more hosts that will receive the cloned packets:
    Enter each host on a separate line, which consists of the dest ip= token and IP address of the destination host. You can put the destination host lines in any order.

    /dest ip= ; send cloned packets to

    If the IP address is missing, the line is ignored.

  5. Save and close the FlowCloneDef.ini file.
  6. Start the CA NFA Flow Cloner service on the Harvester server.
    The Flow Cloner is enabled and attempts to forward packets to each valid destination that you specified. Flow cloning continues until you stop the CA NFA Flow Cloner service manually.
    The CA NFA Flow Cloner service is configured to start automatically on reboot and start sending cloned flow data. To operate the Flow Cloner only on demand, change this configuration in the Services window. The service can run only if the configuration file identifies at least one destination IP address.

Additional Information

This and other information can be found in the NFA documentation here:

Install Flow Cloner
Flow Cloner Configuration Files