Depending on the configured NetFlow version, fSonar can monitor different sets of network parameters.

When using NetFlow version 5, you can collect the following parameters:

  • Source IP address;
  • Destination IP address;
  • IP address of next hop router;
  • SNMP index of input interface;
  • SNMP index of output interface;
  • Packets in the flow;
  • Total number of Layer 3 bytes in the packets of the flow;
  • SysUptime at start of flow;
  • SysUptime at the time the last packet of the flow was received;
  • TCP/UDP source port number or equivalent;
  • TCP/UDP destination port number or equivalent;
  • Cumulative OR of TCP flags;
  • IP protocol type (for example, TCP = 6; UDP = 17);
  • IP type of service (ToS).
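To show where these version 5 parameters sit on the wire, here is an added example (not fSonar's own code) that parses one export datagram using the standard NetFlow v5 layout of a 24-byte header followed by 48-byte records. The names `parse_v5`, `flag_names` and `SAMPLE` are hypothetical, and the sample datagram is constructed.

```python
import socket
import struct

# Standard NetFlow v5 export layout: 24-byte header, then 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # a v5 datagram carries 1 to 30 records
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def flag_names(cumulative):
    """Expand the cumulative OR of TCP flags into flag names."""
    return [name for bit, name in TCP_FLAGS if cumulative & bit]

def parse_v5(datagram):
    """Return the flow records of one export datagram, rejecting malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # Exporters are unauthenticated UDP senders: never trust count on its own.
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, hop, in_if, out_if, pkts, octets, first, last, sport, dport,
         flags, proto, tos, *_as_and_masks) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "next_hop": socket.inet_ntoa(hop), "in_if": in_if, "out_if": out_if,
            "packets": pkts, "bytes": octets,
            # SysUptime is a 32-bit millisecond counter, so allow for wrap-around.
            "duration_ms": (last - first) & 0xFFFFFFFF,
            "sport": sport, "dport": dport, "proto": proto, "tos": tos,
            "tcp_flags": flag_names(flags)})
    return flows

# Constructed sample: one TCP flow, 192.0.2.10:51000 -> 198.51.100.7:443.
SAMPLE = HEADER.pack(5, 1, 5000, 1700000000, 0, 1, 0, 0, 0) + RECORD.pack(
    socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
    socket.inet_aton("192.0.2.1"), 1, 2, 12, 4800, 1000, 4500,
    51000, 443, 0x1B, 6, 0, 0, 0, 24, 24)

if __name__ == "__main__":
    print(parse_v5(SAMPLE))
```
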

When using NetFlow version 9, you can collect the following parameters:

  • Incoming counter with length N x 8 bits for number of bytes associated with an IP Flow;
  • Incoming counter with length N x 8 bits for the number of packets associated with an IP Flow;
  • Number of flows that were aggregated; default for N is 4;
  • IP protocol;
  • Type of Service byte setting when entering incoming interface;
  • Cumulative OR of all the TCP flags seen for this flow;
  • TCP/UDP source port number e.g. FTP, Telnet, or equivalent;
  • IPv4 source address;
  • The number of contiguous bits in the source address subnet mask i.e. the submask in slash notation;
  • Input interface index;
  • TCP/UDP destination port number e.g. FTP, Telnet, or equivalent;
  • IPv4 destination address;
  • The number of contiguous bits in the destination address subnet mask i.e. the submask in slash notation;
  • Output interface index; default for N is 2 but higher values could be used;
  • IPv4 address of next-hop router;
  • System uptime at which the last packet of this flow was switched;
  • System uptime at which the first packet of this flow was switched;
  • Outgoing counter with length N x 8 bits for the number of bytes associated with an IP Flow;
  • Outgoing counter with length N x 8 bits for the number of packets associated with an IP Flow;
  • Minimum IP packet length on incoming packets of the flow;
  • Maximum IP packet length on incoming packets of the flow;
  • IPv6 Source Address;
  • IPv6 Destination Address;
  • Length of the IPv6 source mask in contiguous bits;
  • Length of the IPv6 destination mask in contiguous bits;
  • IPv6 flow label as per RFC 2460 definition;
  • Internet Control Message Protocol (ICMP) packet type;
  • Internet Group Management Protocol (IGMP) packet type;
  • When using sampled NetFlow, the rate at which packets are sampled;
  • The type of algorithm used for sampled NetFlow;
  • Timeout value (in seconds) for active flow entries in the NetFlow cache;
  • Timeout value (in seconds) for inactive flow entries in the NetFlow cache;
  • IPv4 source address prefix;
  • IPv4 destination address prefix;
  • Minimum TTL on incoming packets of the flow;
  • Maximum TTL on incoming packets of the flow;
  • The IPv4 identification field;
  • Type of Service (ToS) byte setting when exiting outgoing interface;
  • Incoming source MAC address;
  • Outgoing destination MAC address;
  • Incoming destination MAC address;
  • Outgoing source MAC address;
  • Internet Protocol version: set to 4 for IPv4, set to 6 for IPv6;
  • Flow direction: 0 - ingress flow, 1 - egress flow;
  • IPv6 address of the next-hop router;
  • Bit-encoded field identifying IPv6 option headers found in the flow;
  • The fragment offset value from fragmented IP packets.