Identifying Application Information and MAC Addresses Using IPFIX Data

asked 2024-07-31 07:53:59 +0000

Ruban

Hello everyone,

I'm working on a network monitoring project where we're leveraging IPFIX data to understand the nature of the traffic flowing through our network. Specifically, I'm interested in two key pieces of information:

Application Identification: We need to identify the application-layer protocols or services (like HTTP, HTTPS, DNS, etc.) associated with each flow. I'm aware that IPFIX can include an applicationId, but I'm looking for more details on how this ID is typically used or interpreted. Are there specific standards or mappings that I should be aware of? How can I ensure accurate identification of applications, especially for web services or cloud-based applications? Additionally, how should we handle cases where the applicationId might be missing or not provided by the exporter?

MAC Address Information: I'm also interested in capturing MAC addresses associated with these flows. I know that certain Information Elements (IEs) like sourceMacAddress and postDestinationMacAddress might be available, but I'm curious about the best practices for extracting and using this data. Are these elements commonly supported, and how can I set this up in a typical IPFIX exporter and collector setup?

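As an added worked example (not part of the original question or of any answer on this page): a minimal IPFIX collector-side parser that reads a template set and the data records it describes, extracts sourceMacAddress (IE 56) and postDestinationMacAddress (IE 57), decodes applicationId (IE 95) the way RFC 6759 defines it (first octet = Classification Engine ID, remaining octets = Selector ID), and falls back to a port heuristic when the exporter sends no applicationId at all. The IPFIX message is constructed by hand inside the script; the template IDs 256/257, the addresses, and the PORT_HINTS table are assumptions for illustration, as is the "lower port is the server" fallback rule. Fixed-length fields only (no variable-length IEs, no set padding) are handled.

```python
"""Minimal IPFIX (RFC 7011) template/data parser with RFC 6759 applicationId
decoding. Added example; the sample message below is constructed, not captured."""
import struct
from ipaddress import IPv4Address

# IANA-registered Information Element IDs used in this example
IE_NAMES = {4: "protocolIdentifier", 7: "sourceTransportPort", 8: "sourceIPv4Address",
            11: "destinationTransportPort", 12: "destinationIPv4Address",
            56: "sourceMacAddress", 57: "postDestinationMacAddress", 95: "applicationId"}

# RFC 6759 section 4.1: Classification Engine IDs carried in applicationId's first octet
ENGINES = {1: "IANA-L3", 2: "PANA-L3", 3: "IANA-L4", 4: "PANA-L4",
           6: "USER-Defined", 12: "PANA-L2", 13: "PANA-L7", 20: "PANA-L7-PEN"}

# Assumption for the fallback path: (ipProto, port) -> label. Plain port mapping
# misclassifies anything running on a non-standard port; it is a last resort only.
PORT_HINTS = {(6, 80): "HTTP", (6, 443): "HTTPS", (6, 53): "DNS", (17, 53): "DNS"}


def decode_application_id(raw: bytes) -> dict:
    """Split applicationId into engine ID (octet 0) and selector ID (rest, big-endian)."""
    engine = raw[0]
    return {"engine": ENGINES.get(engine, f"engine-{engine}"),
            "selector": int.from_bytes(raw[1:], "big")}


def decode_value(ie: int, val: bytes):
    if ie in (8, 12):
        return str(IPv4Address(val))
    if ie in (56, 57):                       # macAddress abstract data type, 6 octets
        return ":".join(f"{b:02x}" for b in val)
    if ie == 95:                             # octetArray; decoded by decode_application_id
        return val
    return int.from_bytes(val, "big")


def parse_ipfix(msg: bytes) -> list:
    """Return one dict per data record; templates are learned from the same message."""
    version, length, _export_time, _seq, _odid = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, records, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        body, off = msg[off + 4:off + set_len], off + set_len
        if set_id == 2:                      # Template Set
            p = 0
            while p + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[p:p + 4]); p += 4
                fields = []
                for _ in range(count):
                    ie, flen = struct.unpack("!HH", body[p:p + 4]); p += 4
                    pen = 0
                    if ie & 0x8000:          # enterprise bit: a 4-octet PEN follows
                        pen = struct.unpack("!I", body[p:p + 4])[0]; p += 4
                        ie &= 0x7FFF
                    fields.append((pen, ie, flen))
                templates[tid] = fields
        elif set_id >= 256:                  # Data Set, set ID == template ID
            fields = templates.get(set_id)
            if fields is None:
                continue                     # unknown template: a real collector buffers or drops
            rec_len, p = sum(f[2] for f in fields), 0
            while p + rec_len <= len(body):
                rec = {}
                for pen, ie, flen in fields:
                    name = IE_NAMES.get(ie, f"ie{ie}") if pen == 0 else f"pen{pen}-ie{ie}"
                    rec[name] = decode_value(ie, body[p:p + flen]); p += flen
                records.append(rec)
    return records


def classify(rec: dict) -> tuple:
    """Prefer the exporter's applicationId; fall back to ports only when it is absent."""
    app = rec.get("applicationId")
    if app is not None:
        d = decode_application_id(app)
        if d["engine"] == "IANA-L4":         # RFC 6759: selector is a transport port number
            return PORT_HINTS.get((rec["protocolIdentifier"], d["selector"]),
                                  f"port-{d['selector']}"), "applicationId"
        if d["engine"] == "IANA-L3":         # selector is an IP protocol number
            return f"ipproto-{d['selector']}", "applicationId"
        # PANA-*/USER-Defined selectors are vendor or user specific: resolve them with the
        # exporter's own application table, never with a port lookup
        return f"{d['engine']}:{d['selector']}", "applicationId"
    key = (rec["protocolIdentifier"],
           min(rec["sourceTransportPort"], rec["destinationTransportPort"]))  # assumption: lower port = server
    return PORT_HINTS.get(key, "unknown"), "port-heuristic"


def build_sample_message() -> bytes:
    """Constructed message: template 256 carries MACs + applicationId, template 257 does not."""
    t256 = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (56, 6), (57, 6), (95, 4)]
    t257 = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1)]
    tmpl = lambda tid, fs: struct.pack("!HH", tid, len(fs)) + b"".join(struct.pack("!HH", *f) for f in fs)
    tbody = tmpl(256, t256) + tmpl(257, t257)
    tset = struct.pack("!HH", 2, 4 + len(tbody)) + tbody
    r1 = (IPv4Address("10.0.0.5").packed + IPv4Address("192.0.2.10").packed
          + struct.pack("!HHB", 51514, 443, 6)
          + bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
          + bytes([3]) + (443).to_bytes(3, "big"))   # applicationId: IANA-L4, selector 443
    r2 = (IPv4Address("10.0.0.7").packed + IPv4Address("192.0.2.53").packed
          + struct.pack("!HHB", 40000, 53, 17))      # no applicationId IE in this template
    d256 = struct.pack("!HH", 256, 4 + len(r1)) + r1
    d257 = struct.pack("!HH", 257, 4 + len(r2)) + r2
    body = tset + d256 + d257
    return struct.pack("!HHIII", 10, 16 + len(body), 1722412439, 1, 1) + body


if __name__ == "__main__":
    for rec in parse_ipfix(build_sample_message()):
        print(rec.get("sourceMacAddress"), rec.get("postDestinationMacAddress"), classify(rec))
```

Note that whether IE 56/57 and IE 95 appear at all is decided by the exporter's template, so check the exporter's configuration rather than the collector's; the parser above simply reports whichever IEs the template declares, and the "port-heuristic" tag in its output makes the lower-confidence classifications visible downstream.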