This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

IP Address drill down

Hi All,

We currently have Solarwinds NPM 10.3.1, NTA 3.10.0 and I have a question that maybe someone can help me with.

On our Domain everyone who surfs the web from their workstation at one particular branch location has a certain External IP address. They go out surfing the web, listening to Pandora or Iheartradio and my Net Flows only show for the last hour that (not a real ip address) 27.9.40.40 has ingress and egress bytes of 1.6GB for the past hour using world wide web http traffic. It doesn't tell me the exact IP of the offending PC.It could be anyone in our Domain, but we do use a Web filter that has certain groups set to all access for the internet and the majority of my work personnel can access only what websites are needed. So this maybe good traffic and maybe a VP abusing the system.

1) Do I not have a setting correct in my NPM setup?

2) Are we missing a add-on that will help me isolate these IPs?

Thanks,

Any help is appreciated.

Shane

  • This is not a NTA issue, it's a flow collection issue. You just need to collect your flow export data from a device or interface behind the one doing the NAT onto the public IP address. It sounds like you're collecting from the outside interface of your Internet edge router, which will show everything coming from the post-NAT IP address. Either 1) change your flow export to another interface on the same device before NAT occurs, or 2) collect NetFlow from another device deeper inside your network that doesn't do NAT.