An aspect we already mentioned above, and certainly the most important criteria for flow specifications are the flow endpoints. The endpoint specification somehow has to describe the communicating entities. Potential granularities for this description include aspects such as traffic by
Various additional granularities could be defined, depending on the type of the local network installation and the demands of the user. The only common critera that all granularities have to fulfill is that it must be possible to check for each received packet whether it matches the critiera for the flow or not.
Figure 2.3 illustrates where the flow endpoints could be positioned in the layered communication model of the Internet. If flows are to be specified with a granularity that reaches the application layer, the measuring entity will of course also have to have knowledge about the format of the data of this layer. In the TCP/IP model in order to define flows based on the transport layer, the port identifier field of the TCP header would have to be analyzed.
The granularities do not necessarily have an inherent order, as a single user or application might straddle several hosts or even several network numbers. Generally, flow criteria dont have to be restricted to single network layers. It is also possible to specify a flow using a combination of different criteria on several layers, for example one could aggregate all traffic that is generated by a specific application on a specific machine.
The possibility to define a flow in such a variable way is the hughe advantage and strength of this model. When developing measurement applications, very often it will show that one does not know exactly what should be measured in advance. The configurability of this model reflects this and by keeping as general and abstract as possible, the model is prepared to be usable for all kinds of analysis applications.