![[CAIDA - Center for Applied Internet Data Analysis logo]](/images/caida_globe_faded.png "Go to CAIDA home page")
In general, flows are a ``set of packets which share a common property.'' However, the most important such properties are the flow's endpoints. For example, the simplest type of flow is a 5-tuple, with all its packets having the same source and destination IP addresses and port numbers. Furthermore, 5-tuple flows are unidirectional, i.e.all their packets travel in the same direction. Such 5-tuple flows are commonly referred to as microflows.
Flows may have two endpoints, (TCP from host A to host B), or only one (all UDP flows from host C). Endpoints may also be more general, for example `TCP from network X/20 to network Y/24,' The above diagram shows the various types of flows arranged in terms of their endpoints. The dates given indicate the time each flow definition appeared.
A flow begins when a its first packet is observed, but one should state how to recognise the end of a flow. The most common method is to specify a fixed timeout, alternatively one can specify a dynamic timeout algorithm. On the diagram the timeout method is shown as F or D.
The flow types are:
| CPB | Claffy, Polyzos and Braun, 1994 | ||
| CoralReef | Supported by CAIDA's CoralReef analysis package | ||
| NetFlow v5 | Early versions of Cisco's NetFlow. 5-tuples with extra attributes such as AS number | ||
| NetFlow v8 | More recent version of NetFlow, supports aggregation | ||
| RTFM | Bi-directional, general flows. Endpoints defined in SRL RFC 2722 | ||
| NeTraMet stream | Bi-directional 5-tuples providing fine structure of RTFM flows. Brownlee and Murray, 2001 |