Analyse network traffic patterns and bandwidth usage at the interface level. Identify the top applications, protocols, sources, and destinations driving traffic across your network devices.
NetFlow and IPFIX are industry-standard protocols that collect information about IP traffic as it flows through network devices such as routers and switches. Rather than simply measuring how much traffic is passing through a device, NetFlow captures the details of that traffic, including which applications are generating it, which hosts are involved, and which protocols are being used. This gives teams the visibility needed to understand bandwidth consumption, identify unexpected traffic, and troubleshoot network performance issues.
Cloudmon supports both Cisco NetFlow and IPFIX. Throughout this article, the term NetFlow refers to either protocol. Navigate to a network device's NetFlow tab to view its traffic flow data.
Before NetFlow data will appear in Cloudmon, the following must be in place:
NetFlow works by having the network device export flow records to a collector. A flow record represents a group of packets sharing the same source IP, destination IP, source port, destination port, and protocol. The device sends these records to Cloudmon's probe, which acts as the flow collector, listening on UDP port 2055. Cloudmon then aggregates and presents the flow data alongside the standard SNMP monitoring data for the device.
Because NetFlow data comes from the device itself rather than being collected externally, it provides a highly accurate picture of traffic at the interface level without requiring additional hardware taps or span ports.
Once the prerequisites above are met, navigate to Network → Network Device, select the device, and open the NetFlow tab to begin viewing traffic flow data. If the device has just been configured to export flows, allow a few minutes for the first records to arrive.
The NetFlow tab provides a breakdown of traffic at the interface level across several dimensions:
The Flow Analyzer provides multi-level filtering across all of these dimensions. Right-clicking an exporter allows filtering by source, destination, application, protocol, category, and service. Teams can drill from a top transmitter directly into the applications that transmitter is targeting, making it easy to trace the full picture of a bandwidth issue without switching tools.
NetFlow data is also available in Cloudmon's reporting framework. Scheduled reports can be configured for specific devices or interfaces, covering applications, transmitters, receivers, categories, services, TOS, sources, and destinations, and sent automatically on a daily, weekly, or monthly basis. Custom reports offer the same flexibility for user-defined time ranges.
| Symptom | Likely Cause | Fix |
| NetFlow tab showing no data | NetFlow is not enabled on the device in Cloudmon, or the device is not exporting flow records to the probe | Confirm NetFlow is enabled on the device in Cloudmon, verify the device is configured to export flow records to the probe IP on UDP port 2055, and confirm no firewall is blocking that port |
| Traffic data appears but applications show as unknown | Traffic is using non-standard ports that Cloudmon cannot map to a known application | This is expected for custom or proprietary applications. Review the source and destination data to identify the hosts involved and cross-reference with known application deployments |
| Flow data appears delayed | The device's flow export interval is set to a long value | Reduce the active flow timeout and export interval on the network device to increase the frequency of flow record exports |