A typical flow-based management system has three components: a sensor (or sensors), a collector, and a reporting system. Components can be combined as well, as you'll learn in Chapter 2.

A sensor, also known as a probe, is a device that listens to the network and captures traffic data. The sensor may be a switch, router, or firewall with integrated flow export capability, or it might be a piece of software listening to an Ethernet tap or a switch port in monitor mode. The sensor tracks network connections, and after it believes a connection has finished or the connection reaches a timeout, it transmits the data.

The collector is software that receives sensor records and writes them to disk. The collector is an absolutely ...