Nagios Support Forum

I am trying to help understand our netflow data. We have some external traffic that's passed through an external firewall and netflow is collected on the internal core switch. Attached is a screenshot of the netflow data. The internal IP has been removed. But we know that the connection originated externally, but how come there wasn't any of the more of the netflow from the source address? (The source port shows the connections). Is this expected or perhaps some netflow data is missing?

Is it most certainly NOT NATted? The capture engine can only grab data from the most recent translation if so, the NAT engine is the keeper of anything else.