We use proprietary and third party's cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Android Flow Monitoring Open Specification - FIWARE Forge Wiki

Android Flow Monitoring Open Specification

From FIWARE Forge Wiki

Jump to: navigation, search

Contents

Introduction to the Android Flow Monitoring Open Specification

Android Flow Monitoring Open Specification Core

The Android Flow Monitoring Open Specification defines a set of NetFlow v9 templates that specify what data is monitored and exported by the application. The use of these templates allows the application to export geolocation information, as well as Android specific information, when available.

Intended Audience

This specification is intended for both software developers and reimplementers of this GE. For the former, this document provides a full specification of what data is available. For the latter, this specification provides a full specification of what data might be expected by software developers.

Specification Change History

This version of the Android Flow Monitoring Open Specification Guide replaces and obsoletes all previous versions. The most recent changes are described in the table below:

Revision Date Changes Summary
Jun 28, 2013
  • Added Device ID and App Name fields
  • Updated templates to reflect R2.3 software usage
Apr 22, 2013
  • Initial Release

Additional Resources

You can download the most current version of this document from the FIWARE specification website at Android Flow Monitoring Open Specification. For more details about the Android Flow Monitoring that this specification is based upon, please refer to High Level Description. Related documents, including an Architectural Description, are available at the same site.

General Android Flow Monitoring Open Specification Information

Geolocation Field Type Definitions

In order to be able to export geolocation information, we had to extend NetFlow v9, adding the following field type definitions, in addition to using the ones defined in the Section 8 of the RFC:

Field Type Value Length (bytes) Description
LOCATION_ALGORITHM 347 1

Can take two values:

  • 100 if the location was determined using cell towers and WiFi access points
  • 200 if the location was determined using GPS satellites
LOCATION_TIME 348 4 Time at which the location was acquired, in seconds since EPOCH
LOCATION_LATITUDE 349 4 Integer part of the latitude, as a uint32
LOCATION_LATITUDE_DEC 350 8 Decimal part of the latitude as a uint64
LOCATION_LONGITUDE 351 4 Integer part of the longitude, as a uint32
LOCATION_LONGITUDE_DEC 352 8 Decimal part of the longitude as a uint64

Android Field Type Definitions

In addition to geolocation information, some Android specific application are also exported:

Field Type Value Length (bytes) Description
ANDROID_DEVICE_ID 353 4 Unique Identifier of the Android device running the probe
ANDROID_APP_NAME 354 50 Name of the application that initiated the network traffic

Templates Specifications

The Android Flow Monitoring GE chooses the template it uses among four different possibilities, depending on the version of the IP protocol used in the flow, and the availability of geolocation information (which can be configured in the User Interface, please refer to the User Guide).

IPv4, TCP

Field Type Value Length (bytes)
IP_PROTOCOL_VERSION 60 1
IPV4_SRC_ADDR 8 4
IPV4_DST_ADDR 12 4
IN_BYTES 1 4
PROTOCOL 4 1
L4_SRC_PORT 7 2
L4_DST_PORT 11 2
TCP_FLAGS 6 1
ANDROID_APP_NAME 354 50
FIRST_SWITCHED 22 4
LAST_SWITCHED 21 4
IN_PKTS 2 4
ANDROID_DEVICE_ID 353 4
LOCATION_ALGORITHM 347 1
LOCATION_TIME 348 4
LOCATION_LATITUDE 349 4
LOCATION_LATITUDE_DEC 350 8
LOCATION_LONGITUDE 351 4
LOCATION_LONGITUDE_DEC 352 8

IPv4, UDP

Field Type Value Length (bytes)
IP_PROTOCOL_VERSION 60 1
IPV4_SRC_ADDR 8 4
IPV4_DST_ADDR 12 4
IN_BYTES 1 4
PROTOCOL 4 1
L4_SRC_PORT 7 2
L4_DST_PORT 11 2
ANDROID_APP_NAME 354 50
FIRST_SWITCHED 22 4
LAST_SWITCHED 21 4
IN_PKTS 2 4
ANDROID_DEVICE_ID 353 4
LOCATION_ALGORITHM 347 1
LOCATION_TIME 348 4
LOCATION_LATITUDE 349 4
LOCATION_LATITUDE_DEC 350 8
LOCATION_LONGITUDE 351 4
LOCATION_LONGITUDE_DEC 352 8

IPv4, ICMP

Field Type Value Length (bytes)
IP_PROTOCOL_VERSION 60 1
IPV4_SRC_ADDR 8 4
IPV4_DST_ADDR 12 4
IN_BYTES 1 4
PROTOCOL 4 1
FIRST_SWITCHED 22 4
LAST_SWITCHED 21 4
IN_PKTS 2 4
ANDROID_DEVICE_ID 353 4
LOCATION_ALGORITHM 347 1
LOCATION_TIME 348 4
LOCATION_LATITUDE 349 4
LOCATION_LATITUDE_DEC 350 8
LOCATION_LONGITUDE 351 4
LOCATION_LONGITUDE_DEC 352 8

IPv6

In case IPv6 is used instead of IPv4, the above templates are still used, with the only difference being that the fields:

Field Type Value Length (bytes)
IPV4_SRC_ADDR 8 4
IPV4_DST_ADDR 12 4

are replaced by the fields:

Field Type Value Length (bytes)
IPV6_SRC_ADDR 27 16
IPV6_DST_ADDR 28 16
Personal tools
Create a book