NetFlow - theory and practice

Question

I am rather new to network security and NetFlow in general. Does anyone know of any technical references that I can read and study to introduce me to the forensic use of NetFlow data (esp. as presented by SW NetFlow)?

Thanks for the help.

By the way, what actually is an endpoint? Can it bew either internal or external?

jswan · Answer

This page has links to a few other documents on Netflow:

www.cisco.com/.../tsd_technology_support_protocol_home.html

The Wikipedia entry has a good overview, and links to some of the IETF work on flow specifications:

en.wikipedia.org/.../Netflow

jeff.stewart · Answer

www.cisco.com/.../products_ios_protocol_group_home.html

freemen · Answer

bump