1. Field of the Invention
This invention relates to the network communications and usage analysis, and particularly to methods and apparatus for gathering and processing netflow data.
2. Background of the Invention
Packetized data networks are in widespread use transporting data throughout the world. Packetized data networks typically format data into packets for transmission between one computer and another. These packets include headers containing information relating to packet data and routing. The data networks send these packets from the originating computer to the destination computers using routers which send the packet on to the destination computer using the routing information in the packet header. A flow of packets are packets sent from a particular source network address and port to a destination network address and port.
As these networks have expanded the benefits of using them has increased. It is desirable to provide systems and tools that enable users to efficiently identify how the network is being used, in particular which hosts and networks are consuming network resources.
Most known netflow analyzing engines identify a number of source and/or destination IP addresses based on the volume of data associated with the IP address. In other words, conventional techniques do not consider the flow record data as a whole. This is disadvantageous since the user's flexibility to query specific information is limited.
It is an object of the present invention to provide a method and apparatus for efficient processing and analysis of netflow data and which enables greater flexibility in user-defined queries.