An open source netflow program interprets incoming netflow data, that is, information about incoming users such as Internet Protocol (IP) addresses and port numbers. Administrators need this to know who is gaining access to the system and where information is going in the internal network. It helps administrators write firewall rules and track hackers as they attempt to damage the network. An open source netflow program is non-intrusive; all it does is collect packet header information and report it back to the administrator. Because so little work is involved, the netflow collector needs little central processing unit (CPU) power.
Visitors, whether internal workers or external guests, access a website or network constantly. Without an open source netflow program, these visitors can move around the system with only minimal data being collected, not enough to help administrators guard against attacks. With netflow enabled, the administrator can tell where visitors are going, and so knows which areas need to be guarded and can also discover weaknesses in the system. Administrators can simulate network behavior without netflow, but doing so takes a massive amount of resources, does not represent how real visitors will use the system, and will interfere with privacy if the administrator is working for a client and not a company.
One of the major ways netflow guards systems is by helping administrators catch hackers attempting a Denial of Service (DoS) attack. A DoS attack happens when someone throws waves of fake visitors at the system until it crashes because the network cannot handle the massive number of requests. With netflow data, administrators can determine whether hackers are poking around the system and may be able to cut off DoS attempts.
Open source netflow software works by collecting a packet of information from the visitor. This packet contains basic information, such as IP address, port number and router information. A collector system then looks at the data and stores it for later inspection. This approach is non-intrusive because the netflow program just looks quickly at the packet, copies the information and does not interfere with the visitor.
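The collector step and the DoS check described above can be sketched as follows. This is an added example, not code from any particular netflow project: it assumes the NetFlow version 5 export format (the article does not name a version), and the function names, the `min_sources` threshold and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count in header exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(ipaddress.ip_address(f[0])),
                      "dst": str(ipaddress.ip_address(f[1])),
                      "src_port": f[9], "dst_port": f[10], "protocol": f[13],
                      "packets": f[5], "bytes": f[6]})
    return flows


def busy_targets(flows, min_sources):
    """Map (dst, dst_port) -> distinct source count, where count >= min_sources."""
    sources = {}
    for f in flows:
        sources.setdefault((f["dst"], f["dst_port"]), set()).add(f["src"])
    return {t: len(s) for t, s in sources.items() if len(s) >= min_sources}


def build_sample():
    """Constructed datagram: 5 sources to 192.0.2.10:80, 1 flow to 192.0.2.20:22."""
    pairs = [(f"198.51.100.{i}", "192.0.2.10", 80) for i in range(1, 6)]
    pairs.append(("203.0.113.7", "192.0.2.20", 22))
    body = b"".join(
        RECORD.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                    bytes(4), 1, 2, 3, 180, 0, 0, 40000 + n, port,
                    0, 0x02, 6, 0, 0, 0, 0, 0, 0)  # 3 packets, 180 bytes, TCP SYN
        for n, (s, d, port) in enumerate(pairs))
    return HEADER.pack(5, len(pairs), 0, 0, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    # min_sources=5 is an illustrative threshold, not a recommended value
    print(busy_targets(parse_v5(build_sample()), min_sources=5))
```

The parser reads only the fixed-size header fields the exporter sends, which is why the collector's per-record cost stays small; the length check rejects a datagram whose header claims more records than it carries.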
Very little CPU power is needed for an open source netflow program to function. This is because, compared to other programs, netflow hardly does anything; it looks at basic information and then records it. There are no advanced computations or memory-heavy operations needed for the netflow program to function. This allows administrators to keep netflow software running nonstop without it taking processing power away from other programs.