Once upon a time in the mid-1990s, the network world was like a busy highway where the traffic police—network admins—were trying to understand traffic patterns by taking blurry snapshots from a helicopter using a protocol called . They could see that the road was full, but they had no idea who was driving, where they were going, or what was in their trailers.
: A network device (the exporter) monitors traffic and groups packets with identical attributes into a "flow". netflow collector
While Simple Network Management Protocol (SNMP) can tell you how much traffic is passing through an interface (e.g., "Interface Gi0/1 is at 80% utilization"), it cannot tell you who is generating that traffic. Once upon a time in the mid-1990s, the
Network flows generate massive amounts of data (sometimes Terabytes per day). Collectors must have tiered storage policies: While Simple Network Management Protocol (SNMP) can tell
While "NetFlow" is the generic term, collectors must support different dialects:
The Ultimate Guide to NetFlow Collectors: Transforming Raw Traffic into Actionable Insights