- Created by Miloš Zeković, last modified by Vladimir Stanković on 24 08, 2016
This chapter explains what is where in NetVizura NetFlow Analyzer module.
To access NetFlow Analyzer module, click NetFlow on the Module Menu in the Top navigation bar.
When NetFlow module is selected the Flow main screen will show, as shown on the picture below. Note that data displayed will be according to Time Window value: if Time Window is set to Last Day, charts and tables will show netflow traffic that occurred in the last 24h.
NetFlow Analyzer User Interface
First let us define main parts of the NetFlow Analyzer user interface:
Mode Panel – choose between the TopN and Raw Data mode
Only users with NetFlow write module permission can see Raw Data mode- Menu Panel – shows options available in the selected mode
- Tab Panel - shows additional options depending on selected mode and menu option (and selected node)
- Main Panel – shows network traffic charts and tables for the set Time Window
To make navigation easier for you, several indicators (blue or white highlights) show where you are and what you are doing – which mode, option, graph, etc. you are currently using or setting. On the figure above you can see that the selected Mode is TopN, selected Menu option is Exporter (San Francisco is the active node), and that selected Tab options is Interface - this results in Main Panel showing the TopN interfaces for exporter San Francisco.
Navigating TopN
To access TopN choose TopN in the Menu mode.
Main parts of the NetFlow TopN interface are:
Time Window - sets the time window for TopN traffic
Menu Panel shows:
Exporters and Interfaces Node tree
Traffic Patterns and subnets Node tree
Traffic Patterns and Subnet Sets Node tree
Favorite nodes
System traffic types
Details for selected node in the Node Tree.
Selected node - active node for which the traffic is displayed in the Main Panel
Traffic distribution (Tab Panel) – traffic distribution by subnets (Traffic Pattern view only), interfaces (Exporter view only), hosts, conversations, services, protocols, QoS and AS
Chart and table (Main Panel) – traffic values for the selected node by selected distribution during time set in Time Window
Side Panel – two small charts showing (bits, packets or flow traffic), PDF reports and refresh options
In Figure above you can see TopN host (4) for Traffic Pattern All Traffic (3) during last 6 hours (1). You can also see that the top host is 172.16.1.41.
To navigate to a desired TopN traffic:
- Set Time Window
- Select TopN in the Mode Panel
- Select an option from the Menu Panel (Exporters, Traffic Patterns, Subnet Sets or Favorites)
- Select the desired node (Exporter, Interface, Traffic Pattern, Subnet Set or Subnet) from the Node Tree
- Select the desired traffic distribution (Overview, Interface, Subnet, Host, Conversation, Service, Protocol, QoS or AS) from the Tab Panel
Continue reading about Traffic Distributions (Top Talkers).
Navigating Raw Data
By selecting the Raw Data menu option, you will be able to inspect raw data files in the Main panel.
You can also notice the Raw Data Tree right under the Raw Data menu option. Raw Data Tree groups raw data files in folders according to day/hour/minute. Note that Raw Data Tree will show raw data files for the specified time period set in Time Window.
There are 3 ways of inspecting raw data files:
Select check boxes next to files you want to inspect and click Show Selected
Select a single file in the Raw Data Tree and click Show Selected
Click on a single file to inspect it
To navigate and view Raw Data from specific files:
- Select a date/time folder from the Node Tree
Select desired Raw Data files from File Table
Raw Data includes vast quantity of information about each single flow. Unpacking many files would require significant processing power and memory space, and therefore it is suggested to select and view only a few files at a time.
- Click Show Selected
By clicking on the Show selected, Raw Data Table will open showing the information from selected raw data files.
For easier navigation according to your interest you can further filter, group and sort Raw Data Table records by certain fields.
Continue reading about Inspecting Raw Data (Flow Records).