Check out my latest blog post on Dark Reading’s Security Monitoring Tech Center entitled “Monitoring With Network Flow Technology“:
A network flow is a data entity that contains information related to a unidirectional sequence of packets on an IP network. Comprised of source and destination port and IP address information as well as IP protocol, ingress interface, and type of service (ToS) entries, the data (organized as flow records) serves to provide high-level insight into what is happening on the network. Every major routing and switching infrastructure vendor supports the generation of network flows in some iteration…
The full article can be viewed here: http://www.darkreading.com/security_monitoring/blog/archives/2010/10/monitoring_with.html