The previous article covered NetFlow in broad terms: what NetFlow is, what data it contains, its history, and why you should use it. As a reminder, NetFlow is a protocol that helps network engineers collect metadata on IP (Internet Protocol) networks from switches or routers. This article continues the topic by discussing the NetFlow data mentioned previously. The following is an explanation of NetFlow data.
- Input and output interface numbers
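Input and output interfaces provide a method for transferring information between internal storage and external I/O devices. In essence, they provide a way to interact with computer hardware. In a NetFlow record, these numbers identify the interface on which the traffic arrived at the device and the interface on which it left.
- Packet and byte counts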
NetFlow data also includes packet and byte counts. What do they mean? A packet is a unit of data of varying length, so the packet count is the number of packets, while the byte count is the number of bytes.
- TCP flags and encapsulated protocol (TCP/UDP)
TCP flags show how a connection behaves in TCP (Transmission Control Protocol) transfers. They also give users additional information, so they can be used for troubleshooting and for deciding how to handle particular connections.
What, then, is an encapsulated protocol? Encapsulation can be likened to a data translator: data taken from one protocol is translated into another protocol so that it can be forwarded across the entire network.
- Source and destination TCP/User Datagram Protocol (UDP) ports
The fourth item means that NetFlow data shows the source and destination TCP/UDP ports. UDP is an alternative communication protocol to TCP, used to establish low-latency, loss-tolerant connections between applications on the internet.
- BGP routing information
BGP stands for Border Gateway Protocol, the protocol that makes the internet work. It works much like the postal service: when you send data onto the internet, BGP is responsible for choosing an available, fast and efficient path so that the data can be processed immediately. The data is the letter and BGP is the postal service. BGP also allows fast and efficient internet access abroad.
- Source and destination IP address
The source IP is the IP (Internet Protocol) address of the device sending the IP packet, the packet being IP's unit of data transfer. The destination IP is the IP address of the device receiving that packet. Simply put, the source IP is the sender and the destination IP is the recipient.
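
The fields listed above are the ones carried in a NetFlow version 5 flow record. The following is an added example, not code from the original article: it assumes the v5 export format (the article does not name a version), parses a constructed datagram into those fields, and marks TCP flows whose cumulative flags are SYN only, a common sign of an unanswered or scanning connection attempt. Function names, addresses and AS numbers are illustrative.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")   # 48-byte v5 flow record
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        (src, dst, _hop, in_if, out_if, pkts, octets, _first, _last, sport, dport,
         flags, proto, _tos, src_as, dst_as, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "input_if": in_if, "output_if": out_if,     # interface numbers
            "packets": pkts, "bytes": octets,
            "src_port": sport, "dst_port": dport, "protocol": proto,
            "tcp_flags": [n for bit, n in TCP_FLAGS if flags & bit],  # OR of all flags seen
            "src_as": src_as, "dst_as": dst_as,         # BGP autonomous system numbers
        })
    return flows

def syn_only(flow):
    """True for a TCP flow (protocol 6) in which the sender sent nothing but SYN."""
    return flow["protocol"] == 6 and flow["tcp_flags"] == ["SYN"]

def build_sample():
    """Constructed datagram: two flows, documentation IPs, private-use AS numbers."""
    def rec(src, dst, pkts, octets, sport, dport, flags):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, 0, 0,
                           sport, dport, flags, 6, 0, 64512, 64513, 24, 24)
    return (HEADER.pack(5, 2, 1000, 1700000000, 0, 1, 0, 0, 0)
            + rec("192.0.2.10", "198.51.100.5", 12, 3400, 51000, 443, 0x1B)
            + rec("192.0.2.99", "198.51.100.5", 1, 44, 51001, 23, 0x02))

if __name__ == "__main__":
    for f in parse_v5(build_sample()):
        print(f, "<- SYN only" if syn_only(f) else "")
```

Because a flow is unidirectional and its TCP flags field is the OR of every flag seen, a completed session normally shows SYN together with ACK, while a record showing SYN alone means the initiator never got past the first handshake packet.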