SonicOS 7.0 Device AppFlow

Download PDF
Technical Documentation > SonicOS 7.0 Device AppFlow > Flow Reporting > NetFlow Tables > Templates > NetFlow Version 5

NetFlow Version 5

The NetFlow version 5 datagram consists of a header and one or more flow records, using UDP to send export datagrams. The first field of the header contains the version number of the export datagram. The second field in the header contains the number of records in the datagram that can be used to search through the records. Because NetFlow version 5 is a fixed datagram, no templates are available, and it follows the format of the tables listed in NetFlow Version 5 Header Format and NetFlow Version 5 Header Format .

NetFlow Version 5 Header Format
Bytes Content Description
0-1 version NetFlow export format version number
2-3 count Number of flows exported in this packet (1-30)
4-7 SysUptime Current time in milliseconds since the export device booted
8-11 unix_secs Current count of seconds since 0000 UTC 1970
12-15 unix_nsecs Residual nanoseconds since 0000 UTC 1970
16-19 flow_sequence Sequence counter of total flows seen
20 engine_type Type of flow-switching engine
20 engine_id Slot number of the flow-switching engine
22-23 sampling_interval First two bits hold the sampling mode; remaining 14 bits hold value of sampling interval
Netflow Version 5 Record Format
Bytes Content Description
0-3 srcaddr Source IP address
4-7 dstaddr Destination IP address
8-11 nexthop IP address of the next hop router
12-13 input SNMP index of input interface
14-15 output SNMP index of output interface
10-19 dPkts Packets in the flow
20-23 dOctets Total number of Layer 3 bytes in the packets of the flow
24-27 First SysUptime at start of flow
28-31 Last SysUptime at the time the last packet of the flow was received
32-33 srcport TCP/UDP source port number or equivalent
34-35 dstport TCP/UDP destination port number or equivalent
36 pad1 Unused (zero) bytes
37 tcp_flags Cumulative OR of TCP flags
38 prot IP protocol type (for example, TCP=6; UDP=17)
39 tos IP type of service (ToS)
40-41 src_as Autonomous system number of the source, either origin or peer
42-43 dst_as Autonomous system number of the destination, either origin or peer
44 src_mask Source address prefix mask bits
45 dst_mask Destination address prefix mask bits
46-47 pad2 Unused (zero) bytes

Was This Article Helpful?

Help us to improve our support portal

Yes! Not Really

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden