Have an proxy server to control traffic outbound from the network via a firewall to the Internet. NTA just reports the traffic showing the proxy interface. How do I get NTA to report the actual address the packet is bound for?
Have an proxy server to control traffic outbound from the network via a firewall to the Internet. NTA just reports the traffic showing the proxy interface. How do I get NTA to report the actual address the packet is bound for?
Netflow as a protocol only knows what is on the packet header, so if your packet is going to the proxy then netflow will only show what the packets actually had on them.
As above you can use a transparent proxy so the packets actually have the header info for their real destination but otherwise the tool just shows you what is on the wire.
Hi wombatactual
I think you will need to do packet analysis for this. This post is somewhat related.
Loopback Mountain: Why NetFlow Isn't A Web Usage Tracker
An example of what can be done with packet analysis is shown at the link below, check out the Top Proxy Flows section. The data is coming from one of our products called LANGuardian.
demo2.netfort.com/Orion/SummaryView.aspx?ViewID=77&AccountID=guest
The other option, transparent proxy, has been mentioned already
Darragh
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.