Network flow is defined as a unidirectional sequence of packets between given source and destination endpoints. Network flows are highly granular: flow endpoints are identified both by IP address as well as by transport layer application port numbers. (NetFlow also uses IP Protocol, ToS and the input interface port to uniquely identify flows.) Conventional network layer switching handles incoming packets independently, with separate serial tasks for switching, security, services and traffic measurements applied to each packet. With NetFlow switching, this process is applied only to the first packet of a flow. Information from the first packet is used to build an entry in the NetFlow cache. Subsequent packets in the flow are handled via a single streamlined task that handles switching, services, and data collection concurrently.

NetFlow is an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information.