• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 38 subscribers
  • Views 378 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NTA 4.4.0 - Network Spike Culprits

rgnetmon

Is there a way for NTA to be more granular? The issue that I'm having is find the specific culprit of network spikes. When I checked the "Top Conversations" it only shows me the source as my border router and the destination of "Akamai Technologies," who provides content delivery to a number of websites. How can I utilize NTA to find the exact source and destination that is causing network spikes? Is this possible with NTA?

pastedImage_0.png

  • 0

    hi rgnetmon

    First up, NetFlow is not great when it comes to network edge monitoring. More in this post

    Loopback Mountain: Why NetFlow Isn't A Web Usage Tracker

    "NetFlow v5 isn't a good web usage tracker because nowhere in the list of fields above do we see "HTTP header".  The HTTP header is the part of the application layer payload that actually specifies the website and URL that's being requested."

    However, if you move to an IPFIX or packet data source you should be able to get the detail you need. You may be able to use IPFIX with existing tools. For packet capture and analysis, you may need a third party tool like our own LANGuardian. It can integrate with Orion so you can see Internet traffic detail from your existing dashboards. Demo at the link below

    http://demo2.netfort.com/Orion/SummaryView.aspx?ViewID=77&AccountID=guest

    Darragh

  • 0

    If you're seeing your router as the source, it sounds like you're exporting flow traffic post-NAT, for example on the outside interface of a border router rather than the inside interface.  If you export from both interfaces, you can inspect the inside interface's flow to see pre-NAT packet data which will give you the original source.

    CDN's like Akamai definitely make reading destinations harder.  Any ideas jreves​?

    You may check the other flows from the same source near the same time to see the website that referred them to the CDN.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.