primary goal

A NetFlow Collector is a specialized software application or hardware appliance that receives, processes, and stores network traffic metadata exported by network devices. It is a central component of a network traffic analysis system, acting as the repository that allows network administrators to monitor bandwidth usage, troubleshoot issues, and spot security anomalies without capturing heavy, full-packet payloads.

The Three-Component Architecture

A NetFlow collector does not operate alone; it functions as the middle tier in a standard three-part framework:

NetFlow Exporter: Network infrastructure devices like routers, switches, firewalls, or software agents. They inspect packets, group them into “flows” (based on attributes like source/destination IP and port numbers), and encapsulate this summary metadata into UDP datagrams.

NetFlow Collector: The target server configured to listen for those UDP datagrams (commonly on port 2055 or 9995). It ingests the stream, unpacks the data, filters or aggregates it to save space, and commits it to data storage.

NetFlow Analyzer: The software layer (often bundled with the collector) that queries the stored data to generate graphical dashboards, charts, and alerts for human engineers.

Core Functions of a Collector

Data Ingestion: Continuously listens for and accepts binary UDP packets from multiple exporters simultaneously.

Parsing and Unpacking: Translates the raw binary flow records into human-readable text or structured numeric data.

Data Reduction: Filters out noise and aggregates repeating data streams to optimize backend storage capacity.

Storage Management: Saves records into flat files, traditional SQL databases, or big-data cloud structures for historical analysis.

Analyzer Syncing: Directs clean data to the visualization tool so operators can see traffic patterns.
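The parsing and data-reduction functions listed above, as an added Python example that is not from the original page or from any collector product. It assumes the exporter sends fixed-format NetFlow version 5 (24-byte header, 48-byte records); the function names and the sample datagram are constructed for illustration. Because export datagrams arrive over unauthenticated UDP, the parser checks the sender-supplied record count against the real datagram length before unpacking anything.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout (assumed format for this example): 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # v5 caps one datagram at 30 flow records


def parse_v5(datagram: bytes) -> list[dict]:
    """Unpack one export datagram; raise ValueError on anything malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported version {version}")
    # The count field is sender-controlled: check it against the real length.
    if not 1 <= count <= MAX_RECORDS or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows


def bytes_per_conversation(flows: list[dict]) -> Counter:
    """Data reduction: sum bytes per (src, dst, proto) instead of keeping every record."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["dst"], f["proto"])] += f["bytes"]
    return totals


def build_sample() -> bytes:
    """Constructed sample datagram: two TCP flows between documentation addresses."""
    a, b = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")
    rec = lambda sport, octets: RECORD.pack(
        a, b, bytes(4), 1, 2, 10, octets, 0, 0, sport, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + rec(50000, 1200) + rec(50001, 800)


if __name__ == "__main__":
    print(bytes_per_conversation(parse_v5(build_sample())))
```

In a live collector, `parse_v5` would be called on each datagram read from the UDP listening socket, with rejected datagrams counted per source address rather than silently dropped.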
