Hi, I'm very new to NTA, and am wondering if it's possible to identify the file names/types that users are downloading on the network?
I drilled down into Top conversations, and found a user who has ingress of 1GB of data. Drilling further down, however, I can only see either the IP address or the domain of the host where the Ingress flow came from. It doesn't show what activity/type of traffic the user was using.
NetFlow technology does not have the capability to identify the downloaded file type. NetFlow data exported from your device tells you the source and destination IP address, source and destination port, and protocol used, among other things, but gives no information on what the actual message content was or what was being downloaded. Because of this, tools such as SolarWinds NTA can only tell you the IP address involved and the application/protocol used for the download.
I agree with donthomas: NetFlow will only focus on IP addresses, ports and traffic volumes. If you want to understand more about applications and users, you need to look at network packets (deep packet inspection). To give you an idea of what can be done, we have integrated our LANGuardian product with Orion so that you can really see what users are doing on your network. You can access a demo of the integration at this link:
The video below also shows this integration in action.
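What the two answers above describe, as an added example that is not part of the original thread: a parser for a NetFlow v5 export datagram that shows which fields a flow record carries and totals one user's ingress bytes per remote host. NetFlow v5 is an assumption (the thread does not say which version the device exports), and the datagram and addresses are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # Fields not kept here: next hop, interfaces, timestamps, ToS, AS
        # numbers, masks. The record has no payload, URL or file name field.
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return flows

def ingress_by_peer(flows, user_ip):
    """Sum bytes sent to user_ip, keyed by (remote ip, remote port, protocol)."""
    totals = defaultdict(int)
    for fl in flows:
        if fl["dst"] == user_ip:
            totals[(fl["src"], fl["sport"], fl["proto"])] += fl["bytes"]
    return dict(totals)

def build_sample():
    """Constructed sample: one v5 datagram, three TCP flows, documentation IPs."""
    def rec(src, dst, sport, dport, pkts, octets):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                           0, 0, sport, dport, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    body = (rec("203.0.113.10", "192.0.2.25", 443, 51000, 700, 1000000)
            + rec("203.0.113.10", "192.0.2.25", 443, 51001, 40, 50000)
            + rec("192.0.2.25", "203.0.113.10", 51000, 443, 300, 20000))
    return HEADER.pack(5, 3, 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    flows = parse_v5(build_sample())
    print(sorted(flows[0]))                       # the fields available per flow
    print(ingress_by_peer(flows, "192.0.2.25"))   # volume per remote endpoint
```

The per-peer total is the same kind of answer the Top Conversations drill-down gives: who sent how much over which port, with nothing in the record that names a file.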