what is bcount in network tuple received

Question

I am trying to analyse network traffic received from fprobe. Sample tuples Im receiving are like this-

{
"bcount": 52,
"protocol": 6,
"Timestamp": "2017-11-15 12:07:20.049+0530",
"etime": 1048514968,
"daddr": "172.24.24.60",
"tag": "netflow_data",
"pcount": 1,
"saddr": "172.24.24.62",
"dport": 53345,
"sport": 8775,
"stime": 1048514968
}

I am able to figure out meaning for rest of the fileds except bcount. I googled it but not able to get proper answer. What I got after searching is that bcount may be stands for block count or byte count. Does anyone knows what exactly it is and what its significance?

Answer 1

Regular Netflow v5 records usually contains counters for bytes and packets contained within a flow (Wikipedia). You didn't mention which flow collector software you're using (only fprobe for generation), so I can't verify this, but I'm pretty sure bcount in your example specifies that there were 52 bytes in the flow record.

This, together with the pcount (number of packets in the flow), is significant for identifying the amount of data transferred between the communicating hosts.