Where applicable, traffic views can be further split and filtered based on the following perspectives: interface direction, endpoint direction, conversation participant, network direction and end users.
Taking a look from a particular perspective is actually what you need in order to understand the event in the network.

Interface (Out/In)

Interface In/Out perspective will make a split to traffic that came into the interface(s) and traffic that went out of the interface(s).


NetVizura NetFlow Analyzer Interface Out-In Example


In the screenshot above we see that after business hours yesterday, 10.16.12.19 was the top consuming Src host making traffic in Out direction via Los Angeles interface.

Endpoint (Src/Dst)

Host participants perspective will separate traffic to the one made by source host, service or AS and traffic made by destination host, service or AS.


NetVizura NetFlow Analyzer Src-Dst Example


Above screenshot explains better how much traffic a particular host, e.g. 10.16.12.19, achieved both as a Src and Dst via Los Angeles interface.

Conversation (Ini/Res)

Ini/Res perspective shows conversation split to traffic from initiator to responder and traffic from responder to initiator.


For example, you wan't to see which internal hosts started the conversations with external hosts (external initiators are typically blocked by firewalls) and how much of unwanted traffic came from external responders as a result, which can provide valuable insight for your security analysis. 

Network (Out/In)

Network perspective shows traffic segment split to outbound traffic (from internal to external network) and inbound traffic (from external to internal network), as defined in the traffic pattern.


NetVizura NetFlow Analyzer Outb-Inb Example

Our screenshot above clearly shows the traffic rate coming into the network and from the network to the Internet. Naturally, the main services used were HTTP and HTTPS. Besides this, we also notice a valuable info that the Out/In proportion for them is different - 1/10 for HTTP and 1/4 for HTTPS.

End User (Upload/Download)

End user perspective will present separately upload traffic (from end user to other host) and download traffic (from other host to end user).


NetVizura NetFlow Analyzer Upload-Download Example


From the screenshot above, we can say that user Annabel Dries is constantly generating a huge download (~10 Mbps) from Akamai Technologies (CDN) during non-working hours. During working hours this download is reduced, indicating that QoS is working properly.

On this page:

  • No labels