Distribution by conversation shows who is talking with whom (end to end), i.e. which conversation is consuming most of the traffic, information valuable for further bandwidth usage optimization, application distribution or even security.
To see top conversations:
In/Out definition depends on the selected node. For interface traffic In traffic corresponds to traffic that entered the exporter through that interface. For Traffic Patterns In traffic corresponds to the Inbound traffic - destined to Internal Network in Traffic Pattern definition.
The screenshot above indicates that top conversation is between X.X.20.5 and X.X.2.5, using SIP service and UDP protocol. It is also notable that the conversation consumed Max 144 bps of Out traffic and 143 bps of In traffic.
For each conversation participant, DNS and WHOIS lookup are performed. IP is presented as Hostname, whereas WHOIS description is shown in a tooltip when specific conversation is hovered. Tooltip contains information about organization name, description, country, address, network range and more, depending on data availability. By clicking on the arrow keys in the bottom left corner of the tooltip you can switch to info for the other address in this conversation.
In screenshot above, you can see that the first address relates to organization located in Serbia, you can also see its address and network range.
In the screenshot above you can see Initiator/Responder traffic by clicking on the Ini/Res button above the chart. You get 2 separate charts giving you the exact information about the Initiator and Responder traffic. The logic behind relies on well-known ports (destination port) as always being Responders. Ports are defined in Settings/Display Names/Service. In specific situations where the port is not well-know (not defined in settings) it is checked for the first flow NetVizura receives and that one is defined as Initiator.