cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 15

Trending traffic between IP address groups

I'm looking to find out how I could use NTA to trend traffic between different IP address groups. Ideally, I'd like to have a graph that represents traffic between two IP address groups over a specific period of time. Therefore, I could create a view with these graphs between various IP address groups. Is this at all feasible?

0 Kudos
5 Replies
Level 11

Hi Quang Le,

This functionality is supported out of the box for NTA. Under Netflow setting you can Edit and add new IP Address Groups, you can also check the box to “Enable display in the Top XX IP Address Groups resource”.

ip groups.PNG

To view a chart over a specific period of time you can use the Flow Navigator Menu –> Time Period - to define the range of times that you would like to see appear on the chart.

Flow Navigator Time Period.PNG

Hope that Helps!

-Jacob


Jacob,

Thanks, I'm already familiar with the IP Address Group feature and creating them. Looking over the IP Address Group summary view is somewhat helpful in that I can filter by a single IP Address Group. However, if I filter on more than IP Address Group, the logic is hard coded to show traffic for "Group A" or "Group B" and not "Group A" and "Group B".

The Time Period filter is helpful once I realized that I could modify the NetFlow resource to display an Area Chart as opposed to a Pie Chart.

So now, if I could get the filter to display only traffic between "Group A" and "Group B", I might be able to achieve my goal.

Quang

Quang,

it is a bit silly workaround but should work: try to exclude all IP groups other than Group A and Group B. Using flow navigator, IP group filter, change include to exclude and add all other IP groups.

Level 13

There are a number of view resources around IP address groups that you can add to a view to provide you this information.  By default the IP Address Groups view on the Netflow tab menu bar has most of them on there.  The one it is missing by default is the "Top XX IP Groups Conversations" resource.  It can be found in the Add Resource view under Netflow Top Resources.  I think this resource might provide what you are asking for.

Sohail Bhamani

Loop1 Systems

http://www.loop1systems.com

Sohail,

Thanks for the suggestion. I wasn't aware of the "Top XX IP Groups Conversations" resource. Unfortunately,it doesn't address my need to trend over a period of time between two specific IP address groups.

Quang