NetFlow Data and Traffic Flow Analysis

0.0(0)

Studied by 0 people

Knowt Play

Learn

Practice Test

Spaced Repetition

Match

Flashcards

Card Sorting

1/17

Earn XP

Description and Tags

Vocabulary flashcards covering NetFlow, flow analysis, and related tools such as IPFIX, Zeek, MRTG, and SNMP, based on lecture notes.

Study Analytics

Name	Mastery	Learn	Test	Matching	Spaced

No study sessions yet.

18 Terms

New cards

Full Packet Capture (FPC)

Captures the entire packet, including header and payload, for all traffic; requires large storage.

New cards

NetFlow

Cisco-developed protocol for exporting traffic flow metadata to a collector; used for flow analysis; precursor to IPFIX.

New cards

Flow collector

System that records NetFlow/IPFIX metadata about traffic flows.

New cards

Flow analysis

Analysis of traffic using flow metadata to identify trends, patterns, and anomalies without capturing full payloads.

New cards

IPFIX

IP Flow Information Export; the standardization of NetFlow-like data export.

New cards

Metadata vs payload

NetFlow captures metadata (IPs, ports, protocol, etc.) about traffic rather than the actual packet contents.

New cards

Data flow (NetFlow definition)

A sequence of packets that share the same characteristics (e.g., source/destination IP and ports) treated as a single flow.

New cards

Source IP

The origin IP address in a traffic flow.

New cards

Destination IP

The target IP address in a traffic flow.

New cards

Source port

The port number on the source side used in a flow.

New cards

Destination port

The port number on the destination side used in a flow.

New cards

Zeek

Hybrid network monitor that passively analyzes traffic; logs full packets only when data is deemed interesting; normalizes data to JSON/TSV.

New cards

Normalization

Converting varied logs into a consistent format (e.g., JSON or TSV) for easier analysis.

New cards

MRTG (Multi Router Traffic Grapher)

Tool that graphs traffic on network interfaces by querying devices via SNMP.

New cards

SNMP

Simple Network Management Protocol; used to monitor and manage network devices and collect traffic data.

New cards

Data exfiltration

Unapproved or clandestine transfer of data from a network to external destinations, often detected via unusual outbound traffic.

New cards

Baseline

An expected level of normal traffic against which anomalies are detected.

New cards

Anomaly detection

Identifying traffic patterns that deviate from the baseline to find potential issues or attacks.

Explore top notes

4: Sensation, Attention, and Perception

Updated 1027d ago

Note

Positive Psychology: Biological Basis of Happiness

Updated 1075d ago

Note

Subatomic Particles and the History of the Atom

Updated 946d ago

Note

Topic 4 Acronyms

Updated 156d ago

Note

AB Level 1.3: Age and Numbers

Updated 909d ago

Note

The Passage to Adulthood: Challenges of Late Adolescence

Updated 1070d ago

Note

Concise Chemistry Summary

Updated 86d ago

Note

Basic Algebra Vocabulary

Updated 1082d ago

Note

Explore top flashcards

Biology 8 - Cells and Transport

Updated 1009d ago

Flashcards (83)

The Cold War (Test Six) - Modern World History

Updated 101d ago

Flashcards (166)

Chemistry Unit 3 - Solubility

Updated 1044d ago

Flashcards (31)

Pharmacology Workshop - Part 2

Updated 266d ago

Flashcards (34)

OBJECT ORIENTED PROGRAMMING (MAC Keyboard Commands Shortcut)

Updated 57d ago

Flashcards (30)

vocabulaire jane eyre

Updated 1039d ago

Flashcards (129)

El Mundo Digital Full

Updated 1017d ago

Flashcards (95)

Present Tense

Updated 907d ago

Flashcards (37)