How is a network traffic flow uniquely identified?












0















What features/statistics of network traffic uniquely identifies a specific flow?



My initial thoughts were unique identifiers such as all packets going from eth_src to eth_dst and in and out of the same ports.



I have been using the Ryu Traffic Monitor to try and get my head around flows, it seems to use the in_port and eth_dst:



    for stat in sorted([flow for flow in body if flow.priority == 1],

                       key=lambda flow: (flow.match['in_port'],

                                         flow.match['eth_dst'])):

        self.logger.info('%016x %8x %17s %8x %8d %8d',

                         ev.msg.datapath.id,

                         stat.match['in_port'], stat.match['eth_dst'],

                         stat.instructions[0].actions[0].port,

                         stat.packet_count, stat.byte_count)





python networking sdn ryu







share|improve this question



























    0















    What features/statistics of network traffic uniquely identifies a specific flow?



    My initial thoughts were unique identifiers such as all packets going from eth_src to eth_dst and in and out of the same ports.



    I have been using the Ryu Traffic Monitor to try and get my head around flows, it seems to use the in_port and eth_dst:



        for stat in sorted([flow for flow in body if flow.priority == 1],
    
                       key=lambda flow: (flow.match['in_port'],
    
                                         flow.match['eth_dst'])):
    
        self.logger.info('%016x %8x %17s %8x %8d %8d',
    
                         ev.msg.datapath.id,
    
                         stat.match['in_port'], stat.match['eth_dst'],
    
                         stat.instructions[0].actions[0].port,
    
                         stat.packet_count, stat.byte_count)





    python networking sdn ryu







    share|improve this question

























      0












      0








      0








      What features/statistics of network traffic uniquely identifies a specific flow?



      My initial thoughts were unique identifiers such as all packets going from eth_src to eth_dst and in and out of the same ports.



      I have been using the Ryu Traffic Monitor to try and get my head around flows, it seems to use the in_port and eth_dst:



          for stat in sorted([flow for flow in body if flow.priority == 1],
      
                       key=lambda flow: (flow.match['in_port'],
      
                                         flow.match['eth_dst'])):
      
        self.logger.info('%016x %8x %17s %8x %8d %8d',
      
                         ev.msg.datapath.id,
      
                         stat.match['in_port'], stat.match['eth_dst'],
      
                         stat.instructions[0].actions[0].port,
      
                         stat.packet_count, stat.byte_count)





      python networking sdn ryu







      share|improve this question














      What features/statistics of network traffic uniquely identifies a specific flow?



      My initial thoughts were unique identifiers such as all packets going from eth_src to eth_dst and in and out of the same ports.



      I have been using the Ryu Traffic Monitor to try and get my head around flows, it seems to use the in_port and eth_dst:



          for stat in sorted([flow for flow in body if flow.priority == 1],
      
                       key=lambda flow: (flow.match['in_port'],
      
                                         flow.match['eth_dst'])):
      
        self.logger.info('%016x %8x %17s %8x %8d %8d',
      
                         ev.msg.datapath.id,
      
                         stat.match['in_port'], stat.match['eth_dst'],
      
                         stat.instructions[0].actions[0].port,
      
                         stat.packet_count, stat.byte_count)





      python networking sdn ryu




      python networking sdn ryu






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 29 '18 at 13:14









      haltandhaveacoffeehaltandhaveacoffee

      456




      456
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Further investigation has helped me understand this more:



          A network traffic flow is a flow of traffic from a source to a destination.



          The answer to my specific question (which is in relation to transport protocols) is a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.



          https://www.techopedia.com/definition/28190/5-tuple



          edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports






          share|improve this answer





















          • 1





            "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

            – Ron Maupin
            Jan 2 at 17:22











          • Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

            – Ron Maupin
            Jan 8 at 16:37











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53969889%2fhow-is-a-network-traffic-flow-uniquely-identified%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Further investigation has helped me understand this more:



          A network traffic flow is a flow of traffic from a source to a destination.



          The answer to my specific question (which is in relation to transport protocols) is a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.



          https://www.techopedia.com/definition/28190/5-tuple



          edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports






          share|improve this answer





















          • 1





            "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

            – Ron Maupin
            Jan 2 at 17:22











          • Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

            – Ron Maupin
            Jan 8 at 16:37
















          0














          Further investigation has helped me understand this more:



          A network traffic flow is a flow of traffic from a source to a destination.



          The answer to my specific question (which is in relation to transport protocols) is a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.



          https://www.techopedia.com/definition/28190/5-tuple



          edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports






          share|improve this answer





















          • 1





            "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

            – Ron Maupin
            Jan 2 at 17:22











          • Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

            – Ron Maupin
            Jan 8 at 16:37














          0












          0








          0







          Further investigation has helped me understand this more:



          A network traffic flow is a flow of traffic from a source to a destination.



          The answer to my specific question (which is in relation to transport protocols) is a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.



          https://www.techopedia.com/definition/28190/5-tuple



          edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports






          share|improve this answer















          Further investigation has helped me understand this more:



          A network traffic flow is a flow of traffic from a source to a destination.



          The answer to my specific question (which is in relation to transport protocols) is a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.



          https://www.techopedia.com/definition/28190/5-tuple



          edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jan 17 at 16:16

























          answered Jan 2 at 17:17









          haltandhaveacoffeehaltandhaveacoffee

          456




          456








          • 1





            "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

            – Ron Maupin
            Jan 2 at 17:22











          • Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

            – Ron Maupin
            Jan 8 at 16:37














          • 1





            "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

            – Ron Maupin
            Jan 2 at 17:22











          • Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

            – Ron Maupin
            Jan 8 at 16:37








          1




          1





          "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

          – Ron Maupin
          Jan 2 at 17:22





          "a flow can be uniquely identified as traffic being sent from a eth_src + port number to an eth_dst + port number." That is only valid for transport protocols that use ports, e.g. TCP and UDP. Other transport protocols may use other types of addressing, or no addressing at all.

          – Ron Maupin
          Jan 2 at 17:22













          Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

          – Ron Maupin
          Jan 8 at 16:37





          Another way, for IPv6, would be to use the Flow Label in the IPv6 header. That is what it is for, although it hasn't seen much use, so far. The idea is that is simplifies identifying a flow. You do not need to look in the IPv6 payload to identify the transport protocol and decipher its header to get a port number, too.

          – Ron Maupin
          Jan 8 at 16:37


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53969889%2fhow-is-a-network-traffic-flow-uniquely-identified%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Mossoró

          Image
            Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
          Read more

          Error while reading .h5 file using the rhdf5 package in R

          Image
          0 I'm importing a .h5 file into R by using the rhdf5 package. But a warning message showed and I found the DATE_TIME column of my data is NA when I view the imported file. Warning message: In H5Dread(h5dataset = h5dataset, h5spaceFile = h5spaceFile, h5spaceMem = h5spaceMem, : h5read for type 'TIME' not yet implemented. Values replaced by NA's. It's all normal when I use Vitables (Python) to open the .h5 file. But the DATE_TIME column is NA with HDFViewer open it. My code is: library(rhdf5) test <- h5read("mytestdata.h5", "/results") View(mydatatest) I want to use R to open .h5 file. Please give me some help! Thanks in advance! r hdf5 rhdf5 ...
          Read more

          Pushsharp Apns notification error: 'InvalidToken'

          Image
          1 1 I am currently working on automatic updates for Passbook (wallet) tickets and am experiencing some trouble using the Pushsharp library by Redth. I am using a Push notification certificate from the apple developer portal. I have tried to export my certificate as .p12, .pem and tried to use only the private key as .12 or .pem but nothing works. This is my full certificate (information is blanked out for security reasons): https://cdn.pbrd.co/images/HUJtb7b.png I dont have enough reputation to post images so a link is all i can provide. var succeeded = 0; var failed = 0; var attempted = 0; var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox, ConfigManager.CertPath + "PushCertificateV2.p12", ConfigManager.lvppass, fa...
          Read more