Traffic from port source

Does UDT have the capability to alert us if a port on a switch was sending out an above-threshold amount of traffic? For example, if you had a rogue PC that was using a port scanner to map the network?

As mesverrum already stated, UDT does not track utilization at all. With that being said, kindly check on the product blog below.

UDT doesn't track bandwidth usage at all; it's mostly up/down status plus attached MAC addresses and ARP tables. Also, polling intervals are in the 30+ minute range normally, so even if you want to use data from UDT to complement security tools, you have to factor in that it is not real time.

For basic bandwidth information, that falls under NPM.

I've seen port scans show up in NTA as well, as long as the traffic crossed layer 3 points where we gathered flow data. Some devices support layer 2 flow collection, but that is a very short list of hardware models that do it.

Thanks for that. We were trying to consolidate vendors. Essentially our security dept was looking for a product that could possibly report on port scanning or excessive bandwidth utilization coming from a particular machine on the network. Our network dept already has the full NPM and NTA installed, but the bandwidth reports are from the router interfaces.

Did you have an alert set up for possible port scans, based on your last comment?

No, we used SEM for port scan alerts and such. I could see them happening in NTA once I was looking for them, but I can't think of a way you'd be able to write an alert to catch them there.

