This chapter explains what is where in NetVizura NetFlow Analyzer module.

To access NetFlow Analyzer module, click NetFlow on the Module Menu in the Top navigation bar.

When NetFlow module is selected the Flow main screen will show, as shown on the picture below. Note that data displayed will be according to Time Window value: if Time Window is set to Last Day, charts and tables will show netflow traffic that occurred in the last 24h.


On this page:

NetFlow Analyzer User Interface

First let us define main parts of the NetFlow Analyzer user interface:

  1. Mode Panel – choose between the TopN and Raw Data mode
    (info) Only users with NetFlow write module permission can see Raw Data mode

  2. Menu Panel – shows options available in the selected mode
  3. Tab Panel - shows additional options depending on selected mode and menu option (and selected node)
  4. Main Panel – shows network traffic charts and tables for the set Time Window

 

NetVizura NetFlow Analyzer - Navigation

 

To make navigation easier for you, several indicators (blue or white highlights) show where you are and what you are doing – which mode, option, graph, etc. you are currently using or setting. On the figure above you can see that the selected Mode is TopN, selected Menu option is Exporter (San Francisco is the active node), and that selected Tab options is Interface - this results in Main Panel showing the TopN interfaces for exporter San Francisco.

 

Navigating TopN

To access TopN choose TopN in the Menu mode.

Main parts of the NetFlow TopN interface are:

  1. Time Window - sets the time window for TopN traffic

  2. Menu Panel shows:

    1. Exporters and Interfaces Node tree

    2. Traffic Patterns and subnets Node tree

    3. Traffic Patterns and Subnet Sets Node tree

    4. Favorite nodes

    5. System traffic types

    6. Details for selected node in the Node Tree.

  3. Selected node - active node for which the traffic is displayed in the Main Panel

  4. Traffic distribution (Tab Panel) – traffic distribution by subnets (Traffic Pattern view only), interfaces (Exporter view only), hosts, conversations, services, protocols, QoS and AS

  5. Chart and table (Main Panel) – traffic values for the selected node by selected distribution during time set in Time Window

  6. Side Panel – two small charts showing (bits, packets or flow traffic), PDF reports and refresh options

 

NetVizura NetFlow Analyzer - TopN Navigation

 

In Figure above you can see TopN host (4) for Traffic Pattern All Traffic (3) during last 6 hours (1). You can also see that the top host is 172.16.1.41.

To navigate to a desired TopN traffic:

  1. Set Time Window
  2. Select TopN in the Mode Panel
  3. Select an option from the Menu Panel  (Exporters, Traffic Patterns, Subnet Sets or Favorites)
  4. Select the desired node (Exporter, Interface, Traffic Pattern, Subnet Set or Subnet) from the Node Tree
  5. Select the desired traffic distribution (Overview, Interface, Subnet, Host, Conversation, Service, Protocol, QoS or AS) from the Tab Panel

 

NetVizura NetFlow Analyzer - TopN Navigation Example

 

 

Navigating Raw Data

By selecting the Raw Data menu option, you will be able to inspect raw data files in the Main panel.

You can also notice the Raw Data Tree right under the Raw Data menu option. Raw Data Tree groups raw data files in folders according to day/hour/minute. Note that Raw Data Tree will show raw data files for the specified time period set in Time Window.

There are 3 ways of inspecting raw data files:

  1. Select check boxes next to files you want to inspect and click Show Selected

  2. Select a single file in the Raw Data Tree and click Show Selected

  3. Click on a single file to inspect it

To navigate and view Raw Data from specific files:

  1. Select a date/time folder from the Node Tree
  2. Select desired Raw Data files from File Table

    (warning) Raw Data includes vast quantity of information about each single flow. Unpacking many files would require significant processing power and memory space, and therefore it is suggested to select and view only a few files at a time.

  3. Click Show Selected

 NetVizura NetFlow - Raw data (flow records)

By clicking on the Show selected, Raw Data Table will open showing the information from selected raw data files.

NetVizura NetFlow - Raw Data table (flow records)

For easier navigation according to your interest you can further filter, group and sort Raw Data Table records by certain fields.