Distribution by conversation shows who is talking with whom (end to end), i.e. which conversation is consuming most of the bandwidth, information valuable for further network optimization.

To see top conversations:

  1. Choose a node type (Exporters, Traffic Patterns, Subnet Sets or Favorites) from the accordion in the Menu Panel
  2. Select desired node (Exporter, Interface, Traffic Pattern, Subnet Set, Subnet or End User) from the Node Tree
  3. Choose Conversation from the Tab panel

 

 


NetVizura NetFlow Analyzer - Distribution by Conversations

 

In/Out definition depends on the selected node. For interface traffic In traffic corresponds to traffic that entered the exporter through that interface. For Traffic Patterns In traffic corresponds to the traffic destined to Internal Network in Traffic Pattern definition.

For more info, see:

The screenshot above indicates that top conversation is between X.X.190.17 and X.X.3.38, using HTTPS service and TCP protocol. It is also notable that the conversation consumed Max 6.7 Mbps of Out traffic and 149.4 kbps of In traffic.

 

 

NetVizura NetFlow Analyzer - Distribution by Conversations Whois

 

 

For each conversation participant, additional DNS and WHOIS lookup are performed. IP is presented as Hostname, whereas WHOIS description is shown in a tooltip when specific conversation is hovered. Tooltip contains information about organization name and address, network range, additional description and more, depending on data availability. In screenshot above, you can see that the first address relates to organization located in Germany, you can also see network range and name of the organization. By clicking on the arrow keys in the bottom left corner of the tooltip you can switch to info for the other address in this conversation.

  • Conversation consists of two hosts/IP addresses, service and protocol. Traffic between two hosts is treated as one conversation only if same service and protocol are used.
  • Lower IP address is placed first, higher is second - the order of IP addresses does not depend on whether host is Source/Destination or in Internal/External Network.
  • Service is not the same as port - one service can use more different ports. In this case, traffic between two hosts using any port associated to a same service is treated as one conversation.

 

  • No labels