Have a proxy server to control traffic outbound from the network via a firewall to the Internet. NTA just reports the traffic showing the proxy interface. How do I get NTA to report the actual address the packet is bound for?
Hello! This might help, but the change needs to be applied on your proxy settings. Capture Netflow Traffic of a Endpoint through a Proxy Server - SolarWinds Worldwide, LLC. Help and Support
NetFlow as a protocol only knows what is on the packet header, so if your packet is going to the proxy then NetFlow will only show what the packets actually had on them.
As above, you can use a transparent proxy so the packets actually have the header info for their real destination, but otherwise the tool just shows you what is on the wire.
Hi wombatactual
I think you will need to do packet analysis for this. This post is somewhat related.
Loopback Mountain: Why NetFlow Isn't A Web Usage Tracker
An example of what can be done with packet analysis is shown at the link below; check out the Top Proxy Flows section. The data is coming from one of our products called LANGuardian.
demo2.netfort.com/Orion/SummaryView.aspx?ViewID=77&AccountID=guest
The other option, transparent proxy, has been mentioned already.
Darragh
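The point made in the replies above, as an added example that is not part of the thread: a NetFlow v5 flow record carries only header fields, so for an explicit proxy its destination is the proxy, while the real destination sits in the HTTP request line that only packet analysis can read. The addresses, proxy port 3128 and payloads are constructed sample values.

```python
import ipaddress
import re
import struct
from urllib.parse import urlsplit

# NetFlow v5 flow record: 48 bytes, network byte order, header fields only.
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def build_v5_record(src, dst, sport, dport, pkts, octets):
    """Record an exporter would emit for one TCP flow (constructed values)."""
    return V5_RECORD.pack(_ip(src), _ip(dst), 0, 1, 2, pkts, octets, 0, 0,
                          sport, dport, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)

def parse_v5_record(raw):
    """Everything a flow collector can learn about the destination."""
    f = V5_RECORD.unpack(raw)
    return {"src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "sport": f[9], "dport": f[10], "proto": f[13]}

REQUEST_LINE = re.compile(
    rb"^(CONNECT|GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")

def proxy_target(payload):
    """Real destination from the first bytes of a client-to-proxy payload."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None  # not a cleartext proxy request (e.g. bytes inside a tunnel)
    method, target = m.group(1), m.group(2).decode("ascii", "replace")
    if method == b"CONNECT":
        return target  # "host:port" of the tunnel endpoint
    if "://" in target:
        return urlsplit(target).netloc  # absolute-form request URI
    host = re.search(rb"\r\nHost: *([^\r\n]+)", payload, re.I)
    return host.group(1).decode("ascii", "replace") if host else None

if __name__ == "__main__":
    # Constructed flow: client 10.0.0.5 talking to proxy 10.0.0.20:3128.
    flow = parse_v5_record(
        build_v5_record("10.0.0.5", "10.0.0.20", 51514, 3128, 12, 4096))
    payload = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
    print("flow record destination:", flow["dst"], flow["dport"])
    print("destination in payload: ", proxy_target(payload))
```

For HTTPS through an explicit proxy, only the CONNECT line is readable this way; everything after the tunnel is established is encrypted.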