Observe NetFlow Flow Records - One Direction

In this activity, you will use Packet Tracer to create network traffic and observe the corresponding

NetFlow flow records in a NetFlow collector. Packet Tracer offers a basic simulation of NetFlow func-
tionality. It is not a replacement for learning NetFlow on physical equipment. Some differences may

exist between NetFlow flow records generated by Packet Tracer and by records created by full-featured
network equipment.

Step 1. Open the NetFlow collector.
a. From the NetFlow Collector, click the Desktop tab. Click the Netflow Collector icon.
b. Click the On radio button to activate the collector as necessary. Position and size the

window so that it is visible from the Packet Tracer topology window.

Step 2. Ping the default gateway from PC-1.
a. Click PC-1.
b. Open the Desktop tab and click the Command Prompt icon.
c. Enter the ping command to test connectivity to the default gateway at 10.0.0.1.
```
C:\> ping 10.0.0.1
```
d. After a brief delay, the NetFlow Collector screen will display a pie chart.
Note: The first set of pings may not be sent to the NetFlow Collector because the ARP process must
first resolve IP and MAC addresses. If after 30 seconds, a pie chart does not appear, ping the default
gateway again.
e. Click either the pie chart or the legend entry to display the flow record details.
f. The flow record will have entries similar to those in the table below. Your timestamps

will be different.
In this case, the flow represents the ICMP ping from host 10.0.0.10 to 10.0.0.1. Four ping
packets were in the flow. The packets entered interface Gig0/0 of the exporter.

Note: In this activity, the Edge router has been configured as a NetFlow flow exporter. The LAN inter-
face is configured to monitor flows that enter it from the LAN. The serial interface has been configured

to collect flows that enter it from the Internet. This has been done to simplify this activity.
To see traffic that matches a full bi-directional session, the NetFlow exporter would
need to be configured to collect flows entering and leaving a network.

Step 3. Create additional traffic.
a. Click PC-2 > Desktop.
b. Open a command prompt and ping the default gateway 10.0.0.1.

What do you expect to see in the NetFlow collector flow records? Will the statistics
for the existing flow record change, or will a new flow appear in the pie chart?
A flow is defined as a unidirectional flow of packets that share the same source and
destination IP addresses and port numbers, as well as the same IP protocol. Because
this traffic will have a different source IP address, it will create a new flow record that is
represented by a new color-coded portion of the pie chart.
c. Return to PC-1 and repeat the ping to the gateway.

How will this traffic be represented? As a new segment in the pie chart or will it modi-
fy the values in the existing flow record?
The details of the original flow remain the same, however the proportion of traffic rep-
resented by the flow has doubled.
d. Issue pings from PC-3 and PC-4 to the default gateway address.
What should happen to the display in the flow collector?
A new record should appear for each flow.