5-tuple – Bits 'n Bytes

What is a Network Traffic Flow? (Part 2)

October 21, 2018July 30, 2019Matt Hayes2 Comments

banner_network_flow_post_2

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network. Flows provide a convenient unit for the measurement and/or treatment of traffic.

Following on from What is a Network Traffic Flow?, this second post delves into Internet layer flow considerations. Previously, we found that the definition of a flow is mainly arbitrary, primarily driven by the capabilities of hardware/software, and the use cases. We now delve further into the considerations around specific features and behaviours of IP.

tcpip_stack

Figure 1 – Where this Blog Post fits in the Internet Protocol suite Continue reading →

What is a Network Traffic Flow?

September 26, 2018November 1, 2018Matt Hayes5 Comments

traffic_wide

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network, providing a convenient unit for the measurement and/or treatment of traffic.

Flows can be measured to understand what hosts are talking on the network, with details of addresses, volumes and types of traffic. This view of the network can be useful for troubleshooting, detecting security incidents, planning and billing

But what exactly is a flow, and how is it defined?

This question sounds trivial to answer, however when we dig deeper we find nuances and corner cases that make flows interesting, and ultimately difficult to define. Continue reading →