
How is a network traffic flow uniquely identified?


What features/statistics of network traffic uniquely identify a specific flow?

My initial thoughts were unique identifiers such as all packets going from eth_src to eth_dst and in and out of the same ports.

I have been using the Ryu Traffic Monitor to try and get my head around flows; it seems to use the in_port and eth_dst:

    for stat in sorted([flow for flow in body if flow.priority == 1],
                       key=lambda flow: (flow.match['in_port'],
                                         flow.match['eth_dst'])):
        self.logger.info('%016x %8x %17s %8x %8d %8d',
                         ev.msg.datapath.id,
                         stat.match['in_port'], stat.match['eth_dst'],
                         stat.instructions[0].actions[0].port,
                         stat.packet_count, stat.byte_count)

Solution

  • Further investigation has helped me understand this more:

    A network traffic flow is a flow of traffic from a source to a destination.

    The answer to my specific question (which is in relation to transport protocols) is that a network flow is defined as a 5-tuple consisting of a source IP address/port number, destination IP address/port number and the protocol in use. Ethernet addresses may also be added in here.

    https://www.techopedia.com/definition/28190/5-tuple

    Edit: Thanks to Ron for mentioning that this is only valid for transport protocols that use ports.
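
The 5-tuple keying described in the answer, as an added example that is not part of the original post or of Ryu: it parses Ethernet/IPv4 frames, groups them by 5-tuple, and counts packets and bytes per flow, leaving both ports as `None` for protocols without ports (ICMP here) and for non-first fragments. The names `flow_key`, `aggregate`, `build_frame` and `SAMPLE` are hypothetical, the frames are constructed, and VLAN tags and IPv6 are not handled.

```python
import socket
import struct
from collections import defaultdict

PORT_PROTOCOLS = (6, 17)  # TCP, UDP: transport header starts with src/dst port

def flow_key(frame):
    """Return (src_ip, src_port, dst_ip, dst_port, proto), or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # too short, or EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    proto = ip[9]
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    sport = dport = None
    # Ports exist only for TCP/UDP, and only in the first fragment.
    if (proto in PORT_PROTOCOLS and frag_offset == 0
            and ihl >= 20 and len(ip) >= ihl + 4):
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (src, sport, dst, dport, proto)

def aggregate(frames):
    """Map each flow key to (packet_count, byte_count)."""
    stats = defaultdict(lambda: [0, 0])
    for frame in frames:
        key = flow_key(frame)
        if key is not None:
            stats[key][0] += 1
            stats[key][1] += len(frame)
    return {key: tuple(counts) for key, counts in stats.items()}

def build_frame(src, dst, proto, sport=0, dport=0, payload=b""):
    """Build a constructed sample frame (ports only, not a full L4 header)."""
    l4 = (struct.pack("!HH", sport, dport) if proto in PORT_PROTOCOLS else b"") + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + l4

# Constructed sample traffic between the same two hosts.
SAMPLE = [
    build_frame("10.0.0.1", "10.0.0.2", 6, 40000, 80, b"x" * 16),
    build_frame("10.0.0.1", "10.0.0.2", 6, 40000, 80, b"x" * 16),
    build_frame("10.0.0.1", "10.0.0.2", 6, 40001, 80, b"x" * 16),   # new source port
    build_frame("10.0.0.1", "10.0.0.2", 17, 40000, 53, b"x" * 16),  # UDP, not TCP
    build_frame("10.0.0.1", "10.0.0.2", 1, payload=b"\x08\x00" + b"\x00" * 6),  # ICMP
]
```

All five sample frames share the same Ethernet and IP addresses, so a key of `in_port` plus `eth_dst` would merge them into one entry, while the 5-tuple separates them into four flows.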