IP Address and Hostname from NetFlow

  • 1
  • Question
  • Updated 8 years ago
  • Answered
s it possible to obtain both the IP address and hostname of the client from NetFlow? I am able to obtain the IP address of the client from NetFlow configured on a remote router, but unable to resolve the IP address to hostname.
Photo of NetFort

NetFort

  • 182 Posts
  • 2 Reply Likes

Posted 8 years ago

  • 1
Photo of NetFort

NetFort

  • 182 Posts
  • 2 Reply Likes
Official Response
It is not possible to get the hostname from NetfLow. The traditional Cisco definition of a network flow is to use a 7-tuple key, where a flow is defined as a unidirectional sequence of packets all sharing all of the following 7 values:

1. Source IP address
2. Destination IP address
3. Source port for UDP or TCP, 0 for other protocols
4. Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols
5. IP protocol
6. Ingress interface (SNMP ifIndex)
7. IP Type of Service

However if you use a combination of one or more NetFlow sensors and a packet/physical sensor the hostname can be retrieved via DPI and can be then used to associated hostnames with the data collected via NetFlow