# Format
FluereFlow serves as a detailed record of network communications or transactions occurring between two IP addresses. It draws inspiration from the Cisco NetFlow format, encapsulating comprehensive data about individual network transactions, including specifics about the source and destination, various counters pertaining to the type and quantity of packets exchanged, and other pertinent metadata.
Each `FluereRecord` instance encapsulates detailed information about a specific network transaction. The fields that constitute a `FluereRecord` are:

- `source: IpAddr`
  - Description: Originating IP address of the communication.
  - Type: IP address (supports both IPv4 and IPv6).
- `destination: IpAddr`
  - Description: Target IP address where the communication is directed.
  - Type: IP address (supports both IPv4 and IPv6).
- `d_pkts: u32`
  - Description: Cumulative number of packets transmitted during the communication.
  - Type: 32-bit unsigned integer.
- `d_octets: usize`
  - Description: Aggregate number of octets (bytes) transferred throughout the communication.
  - Type: Unsigned size type (commonly used for indexing and counting).
- `first: u64`
  - Description: Timestamp marking the initiation of the communication (usually denoted in microseconds since the epoch).
  - Type: 64-bit unsigned integer.
- `last: u64`
  - Description: Timestamp marking the conclusion of the communication (usually denoted in microseconds since the epoch).
  - Type: 64-bit unsigned integer.
- `src_port: u16`
  - Description: Source port utilized during the communication.
  - Type: 16-bit unsigned integer.
- `dst_port: u16`
  - Description: Destination port utilized during the communication.
  - Type: 16-bit unsigned integer.
- `min_pkt: u32`
  - Description: Size of the smallest packet transmitted in the communication.
  - Type: 32-bit unsigned integer.
- `max_pkt: u32`
  - Description: Size of the largest packet transmitted in the communication.
  - Type: 32-bit unsigned integer.
- `min_ttl: u8`
  - Description: Minimum TTL value observed across the packets.
  - Type: 8-bit unsigned integer.
- `max_ttl: u8`
  - Description: Maximum TTL value observed across the packets.
  - Type: 8-bit unsigned integer.
- `in_pkts: u32`
  - Description: Count of incoming packets.
  - Type: 32-bit unsigned integer.
- `out_pkts: u32`
  - Description: Count of outgoing packets.
  - Type: 32-bit unsigned integer.
- `in_bytes: usize`
  - Description: Total volume of incoming bytes.
  - Type: Unsigned size type.
- `out_bytes: usize`
  - Description: Total volume of outgoing bytes.
  - Type: Unsigned size type.

The following fields represent counters for specific TCP flags encountered during the communication. All of them are of type `u32` (32-bit unsigned integer):

- `fin_cnt: u32`: FIN flag counter.
- `syn_cnt: u32`: SYN flag counter.
- `rst_cnt: u32`: RST flag counter.
- `psh_cnt: u32`: PSH flag counter.
- `ack_cnt: u32`: ACK flag counter.
- `urg_cnt: u32`: URG flag counter.
- `ece_cnt: u32`: ECE flag counter.
- `cwr_cnt: u32`: CWR flag counter.
- `ns_cnt: u32`: NS flag counter (deprecated as per RFC 3540, which has been moved to Historic state).

The remaining fields describe the protocol and service class of the flow:

- `prot: u8`
  - Description: Protocol number denoting the communication protocol (e.g., TCP, UDP).
  - Type: 8-bit unsigned integer.
- `tos: u8`
  - Description: Type of service value, typically utilized for QoS (Quality of Service) classification.
  - Type: 8-bit unsigned integer.
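As an added example (not Fluere's own code), the record above reduced to the fields a simple defender-side check reads, with a heuristic run over constructed records: a TCP flow that carried SYNs but never an ACK and only a few packets never completed a handshake, and a source that leaves many such flows to different ports is reported as a likely half-open scan. It assumes `prot` carries the IANA protocol number (6 for TCP).

```rust
use std::collections::{BTreeMap, BTreeSet};
use std::net::{IpAddr, Ipv4Addr};

// Reduced FluereRecord: only the fields the checks below read (added example).
#[derive(Debug, Clone)]
pub struct FluereRecord {
    pub source: IpAddr,
    pub destination: IpAddr,
    pub d_pkts: u32,
    pub dst_port: u16,
    pub syn_cnt: u32,
    pub ack_cnt: u32,
    pub prot: u8, // assumed IANA protocol number; 6 = TCP
}

/// A TCP flow with SYNs, no ACKs and only a few packets never completed a
/// handshake. One is noise; many from one source to different ports is the
/// shape a half-open port scan leaves in flow data.
pub fn is_half_open(r: &FluereRecord) -> bool {
    r.prot == 6 && r.syn_cnt > 0 && r.ack_cnt == 0 && r.d_pkts <= 3
}

/// Sources with half-open flows to at least `min_ports` distinct ports.
pub fn suspected_scanners(records: &[FluereRecord], min_ports: usize) -> Vec<IpAddr> {
    let mut ports: BTreeMap<IpAddr, BTreeSet<u16>> = BTreeMap::new();
    for r in records.iter().filter(|r| is_half_open(r)) {
        ports.entry(r.source).or_default().insert(r.dst_port);
    }
    ports.into_iter().filter(|(_, p)| p.len() >= min_ports).map(|(ip, _)| ip).collect()
}

/// Constructed sample: 10.0.0.5 sends lone SYNs to three ports on 10.0.0.20,
/// while 10.0.0.7 holds an ordinary TCP session with the same host.
pub fn sample_records() -> Vec<FluereRecord> {
    let rec = |src: [u8; 4], dst_port: u16, d_pkts: u32, syn_cnt: u32, ack_cnt: u32| {
        FluereRecord {
            source: IpAddr::V4(Ipv4Addr::from(src)),
            destination: IpAddr::V4(Ipv4Addr::new(10, 0, 0, 20)),
            d_pkts, dst_port, syn_cnt, ack_cnt, prot: 6,
        }
    };
    vec![
        rec([10, 0, 0, 5], 22, 1, 1, 0),
        rec([10, 0, 0, 5], 80, 1, 1, 0),
        rec([10, 0, 0, 5], 443, 1, 1, 0),
        rec([10, 0, 0, 7], 443, 40, 1, 39),
    ]
}
```

The `min_ports` threshold is the tuning knob: set it from what ordinary clients on the monitored network do, since a single failed connection is not evidence of anything.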