Description of the netflow fields used by NFA
search cancel

Description of the netflow fields used by NFA

book

Article ID: 37359

calendar_today

Updated On: 04-17-2025

Products

Network Flow Analysis

Issue/Introduction

NFA requires some netflow fields in order to monitor routers

Environment

ALL NFA versions with all router models

Resolution

 

1 - IN_BYTES                                     :  Bytes in IP Flow.  Incoming counter with length N x 8 bits for number of bytes associated with an IP Flow.
85 - IN_PERMANENT_BYTES          : Running byte counter for a permanent flow
231 - FW_INITIATOR_OCTETS        :  The number of incoming packets since the previous report (if any) for this Flow at the Observation Point. Or the number of Cisco ASA octets since the previous report (if any) in incoming packets. Then the number of packets for this Flow will be calculated.
232 - FW_RESPONDER_OCTETS  : The number of incoming packets since the previous report (if any) for this Flow at the Observation Point. Or the number of Cisco ASA octets since the previous report (if any) in incoming packets. Then the number of packets for this Flow will be calculated.

4 - PROTOCOL                    : IP protocol
7 - L4_SRC_PORT              : TCP/UDP  source port
8 - IPV4_SRC_ADDR          : IPV4 source address 
10 - INPUT_SNMP               : gives the IFindex of the IN interface 
11 - L4_DST_PORT             : TCP/UDP  destination port
12 - IPV4_DST_ADDR         : IPV4 destination address
14 - OUTPUT_SNMP           : gives the IFindex of the OUT interface 

For flexible netflow :

61 - Direction                        :Flow direction: 0 - ingress flow, 1 - egress flow

Additional Information

See also the following related article, which can help determine if a NetFlow enabled device is sending the correct fields and data using WireShark.

https://knowledge.broadcom.com/external/article?articleNumber=11095 

Powered by Wolken Software