Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1763
Views
0
Helpful
1
Replies

problem about TCP Flag of Netflow record

huntmind123
Level 1
Level 1

‎12-16-2010 04:54 AM - edited ‎03-06-2019 02:34 PM

I am analyzing netflow records these days,these records were sent from a cisco router,the netflow version is 5.
I find that most of the tcp records did not set the tcp flags,that is, value of tcp flag is equal to 0.
only some of them has SYN,ACK,or RST flags set.
Can you tell me why?

We know that during the TCP session, from the client's view, SYN packet will be sent,and then when connected successfully, at least one ACK packet.
So in my opinion, even after sampling netflow, if there is a netflow tcp record, it must have tcp flag value >0.

Any idea will be appreciated,thanks.

Labels:
0 Helpful
1 Reply 1

margalla
Cisco Employee
Cisco Employee

‎12-22-2010 07:45 PM

The answer depends on what router you are using. The 7600 for instance doesn't send the TCP flags for hardware switched flows.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card