On busy routers, the network manager may have chosen to sample the data at intervals instead of every packet, but amprgw isn't all that busy so I'm analyzing every packet that goes through it. Sampling is done so that the amount of data generated by the router netflow statistics reporting isn't greater than the capacity of the host that has to store and analyze it, and so that the router itself doesn't contribute to the congestion on its links.
Netflow does not save the payload content of packets. It does account for it statistically, as the total size of the packet is included in the statistics gathered.
Depends on your definition of privacy: encryption only obscures the content of the packets. The who-called-who and traffic size and duration data is in the clear. This is one of the reasons for the rise in vendors offering VPN services, and for the Tor network.
With the recent change in US law, I realize that my ISP is now probably gathering my call graph data in order to sell that data to advertisers who will target my address. However, neither my employer (who currently is the ISP for most of my internet traffic) nor amprnet are interested in that aspect of the data flows.
- Brian
On Tue, May 23, 2017 at 10:30:03AM -0400, Craig Brauckmiller wrote:
From my understanding of netflow, it is based on a sample rate and only 1 out of X packets is actually scanned and reported by netflow. Is that correct? Netflow is not the same as running a TCP DUMP on the network. Additionally, I don't think NETFLOW includes payload data either. Correct?
Unless you are using SSL-based connections, there is no such thing as privacy on the internet. The sooner people come to grips with that, the better.