Flow monitoring is a traffic analysis tool that provides a detailed view of the traffic to and from protected virtual machines. When flow monitoring is enabled, its output defines which machines are exchanging data and over which application. This data includes the number of sessions and packets transmitted per session. Session details include sources, destinations, applications, and ports being used. Session details can be used to create firewall to allow or block rules.
You can view flow data for many different protocol types, including TCP, UDP, ARP, ICMP, and so on. You can live monitor TCP and UDP connections to and from a selected vNIC. You can also exclude flows by specifying filters.
Flow monitoring can thus be used as a forensic tool to detect rogue services and examine outbound sessions.