NetFlow Tools

(v5 to collector 192.168.1.100):

softflowd -D -i eth0 -v 5 -n 192.168.1.100:2055

Receives UDP datagrams, parses, stores to disk/time-series DB.

1. Core Concept: What NetFlow Actually Is

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network metadata. It is not packet capture (full payload) nor simple SNMP counters (bytes/sec). It is flow-level accounting.

! Export every 1 min (active flows)
ip flow-cache timeout active 1
! Export after 15 sec idle
ip flow-cache timeout inactive 15
! For TCP FIN/RST
ip flow-cache timeout fast 30

Shorter timers = more exports = higher CPU/network load. Longer timers = delayed visibility.

3. NetFlow Tool Stack Architecture

A production NetFlow deployment has four layers:

Layer 1: Exporters (Network Devices)

Configure routers/switches/firewalls to send NetFlow.

This guide covers production-grade NetFlow tooling. Start with nfdump for small environments, pmacct + ClickHouse for mid-scale, and GoFlow2 + Kafka for carrier-grade.

# Flows per second (FPS) spike
nfcapd -p 2055 -w -l /data -T all
# Real-time:
watch -n 1 'nfdump -R /data -r current -s flows | head'

(requires NetFlow v9 + BGP table)

interface GigabitEthernet0/1
 ip flow ingress
 ip flow egress
!
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 192.168.1.100 2055