NetFlow monitoring system is used to record and store data in two-way traffic at the ISP network.
In most countries around the world, the requirements for recording and storing data about the ISP operations are stipulated by law of the particular country, as a means to identify end users who are suspected of committing crimes over the Internet.
In the Provider network the system captures the headers of packets about communication and stores these data at a data store. Administration interface provides the ability to view and filter the data to be kept according to a defined period, and if required by a responsible authority (e.g. Police), the ISP is able to export the required data output and pass it over as material for criminal prosecution.
|The principle of the probe and the collector
In practice, logging operates on the principle of the probe and the collector.In most cases the probe is a boundary MikroTik network, which collects data. Then the ISPadmin server itself with a NetFlow module installed becomes the collector, which stores and processes the data.
Packet header contains information about each connection namely: the source and destination IP addresses, destination port, protocol type, the time when communication was carried out, the length of connection, number of packets and bytes and more. So the NetFlow module performs the required records of the client communication, and it is specifically designed for monitoring the client´s accesses to public networks as well as the Internet.