Overview
NetFlow provides a high-level view of network traffic by recording 'flows' rather than individual packets. A flow is defined by a set of common attributes (e.g., source/destination IP, source/destination port, protocol).
Information Provided
- Who is talking to whom?
- What protocols and applications are being used?
- How much data is being transferred?
- When did the communication start and end?
Benefits
- Capacity Planning: Identify which links are becoming congested.
- Security Analysis: Detect unusual traffic patterns that might indicate a DDoS attack or data exfiltration.
- Billing: Track usage for different departments or customers.