For environments using NetFlow/IPFix for collecting network traffic, we recommend the following settings:
Supported Versions: 5, 6, 7, 9, IPFIX (10)
Sampling Rate: Faddom can support any sampling rate in NetFlow, however the smaller the sample size, the longer it will take Faddom to detect flows and changes in flows.
Collector Address: This should be set to the IP address of a Faddom sensor or server.
Collector Port: The recommended port number to use is the default for IPFIX traffic which is 4739 but any port number will work. Using port 9545 is not recommended as this port is used by default for communication between the Faddom sensor and server.
If using Netflow 9 and up, the protocol is template based and you can configure which fields are sent in the packets. These are the fields that are supported by Faddom:
Source IP * (8)
Source Port * (7)
Destination IP * (12)
Destination Port * (11)
Protocol * (4)
Bytes (1)
Packets (2)
TCP Flags (6)
* Required