I am analyzing NetFlow records these days. These records were sent from a Cisco router, and the NetFlow version is 5.
I find that most of the TCP records did not set the TCP flags; that is, the value of the TCP flag is equal to 0.
Only some of them have the SYN, ACK, or RST flags set.
Can you tell me why?
We know that during a TCP session, from the client's view, a SYN packet will be sent, and then, when connected successfully, at least one ACK packet.
So in my opinion, even after sampling NetFlow, if there is a NetFlow TCP record, it must have a TCP flag value > 0.
Any ideas will be appreciated, thanks.
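One way to check the observation against the raw export, as an added example that is not part of the original post: the sketch below parses a NetFlow v5 datagram, reads the sampling field from the header, and tallies the `tcp_flags` byte for TCP records only. The datagram, addresses and ports are constructed sample data, and the helper names are hypothetical.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def flag_names(value):
    """Decode the tcp_flags byte (cumulative OR over the flow's packets)."""
    return "+".join(n for bit, n in FLAG_BITS if value & bit) or "none"

def parse_v5(datagram):
    """Return (sampling_mode, sampling_interval, records) for one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header count exceeds datagram length")
    records = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        records.append({"packets": f[5], "srcport": f[9], "dstport": f[10],
                        "tcp_flags": f[12], "proto": f[13]})
    # Top 2 bits: sampling mode; low 14 bits: sampling interval.
    return sampling >> 14, sampling & 0x3FFF, records

def tcp_flag_summary(records):
    """Count TCP records (proto 6) by decoded flag combination."""
    return Counter(flag_names(r["tcp_flags"]) for r in records if r["proto"] == 6)

def _record(packets, sport, dport, flags, proto):
    # Constructed sample record; addresses and interfaces are made up.
    return RECORD.pack(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes(4), 1, 2,
                       packets, packets * 60, 0, 0, sport, dport,
                       0, flags, proto, 0, 0, 0, 24, 24, 0)

# Constructed datagram: sampling mode 1, interval 100, three TCP flows, one UDP.
SAMPLE = HEADER.pack(5, 4, 0, 0, 0, 0, 0, 0, (1 << 14) | 100) + b"".join([
    _record(1, 40000, 80, 0x00, 6), _record(3, 40001, 443, 0x12, 6),
    _record(1, 40002, 22, 0x04, 6), _record(2, 53, 53, 0x00, 17)])

if __name__ == "__main__":
    mode, interval, recs = parse_v5(SAMPLE)
    print(f"sampling mode={mode} interval={interval}")
    for combo, n in tcp_flag_summary(recs).most_common():
        print(f"{combo:>10}: {n}")
```

Running the same tally over captured export datagrams shows how many TCP records carry a zero flags byte and whether the exporter reports sampling in the header.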