Flow Collection for SteelCentral : Flow Data Fields Consumed by NetProfiler
  
Flow Data Fields Consumed by NetProfiler
The following table shows the flow fields that are consumed by NetProfiler. When you configure third-party devices to export flow, you must include as many of the following fields as supported by the third-party device.
Field Name
Description
Flow Versions with Support
Connection initiator
Indicates which host initiated the conversation. Used for proper client/server determination.
NetFlow v9
Source IP address
Source IP address of conversation.
All standard versions
Destination IP address
Destination IP address of conversation.
All standard versions
Inbound SNMP ifindex
SNMP ifindex that identifies the interface through which the conversation is received for the device.
All standard versions
Outbound SNMP ifindex
SNMP ifindex that identifies the interface through which the conversation is transmitted out of the device.
All standard versions
Packet count
Number of packets sent during the conversation.
All standard versions
Byte count
Number of bytes sent during the conversation.
All standard versions
Timestamps
Time stamps for the beginning and end of the conversation.
All standard versions
Source port
Source port being used.
All standard versions
Destination port
Destination port being used.
All standard versions
TCP flags
Set TCP flags
NetFlow v5 and v9 on most devices, sFlow v5
Layer-4 protocol
Layer-4 protocol identifier.
All standard versions
QoS information
Type of service (TOS), differentiated services code point (DSCP).
All standard versions
Time-to-live (TTL)
Time-to-live value observed when the packet traversed the reporting device.
NetFlow v9
Application identifier
Layer-7 application identifier.
NBAR through NetFlow v9 with specific hardware (also available from Packeteer through FDR records), Citrix AppFlow, NBAR v2, SteelHead (8.5 and later), NetShark 10.5, Palo Alto
Retransmitted bytes and retransmitted packets
TCP transmission counters.
SteelFlow Net from SteelHeads, and NetSharks
Network round-trip time
Measurement of round-trip time across the network.
SteelFlow Net from SteelHeads and NetSharks
Total response time, server delay, client delay
Measurement of response time metrics across the network.
SteelFlow Net from NetSharks
VoIP metrics:
•  MOS
•  R-Factor score
•  Jitter
•  RTP packet loss
Voice-over-IP-metrics computed by the NetShark.
NetShark 9.5 and later export
Loss
A count of the number of lost packets from the sequencing information.
MediaNet
Jitter
Mean jitter for the RTP stream.
MediaNet
ICMP Type
ICMP type.
ASA NSEL
ICMP Code
ICMP code.
ASA NSEL
Event
High-level event code.
ASA NSEL
Event Time
Time since the UNIX epoch when the event occurred.
ASA NSEL
Forward Flow Delta Bytes
Source to destination specific traffic counts.
ASA NSEL
Reverse Flow Delta Bytes
Destination to source specific traffic counts.
ASA NSEL