3 Replies Latest reply on Feb 26, 2008 8:43 AM by floyd.may

    Netflow IPAudit


      We are currently considering buying Netflow and our Security team is wanting to be able to use Netflow somewhat how IPAudit works.  They want to be able to search for an IP address within a date/time range and see the traffic for that specific node.  Is this possible with the current version of Netflow?  If so, how?



        • Re: Netflow IPAudit

           NTA ships out of the box with an Endpoint Search on the front page.  If NTA has ever received traffic regarding the searched-for host, it will appear in the search results.  Once you click on the endpoint, it will take you to an Endpoint Details page.  From here, you can change the time period.

            • Re: Netflow IPAudit

              Thanks for the quick response.  I have a few questions about it.  When I search for an IP address off of the front page it brings up the IP address with a list of routers that have sent flow data. When I expand the list it shows all interfaces that have traffic for that IP address.  Is there a way to see all the traffic for that end point?  It appears that I have to select the interface of the traffic I want to see, whereas I want to see all traffic for that endpoint, no matter what router it comes off of. 

              As far as the time, I see where I can select an hour back, or even 12 hours back.  What I'm looking for is to say show me the flow data for this end point from 02/15/2008 at 8AM to 2/15/2008 10AM.  Is that possible? 

              Last question.  When I'm looking at the endpoint page I see Top 25 Conversations.  Is there a view to see all Conversations for that specified time period? 

               Thanks so much for all your help. 

                • Re: Netflow IPAudit

                  So, first, the traffic for a given endpoint is always tied to a router, so you don't get double-counting.  If you're seeing the endpoint associated with multiple routers, you'll get the most data from the router that is nearest to the endpoint topologically.

                  Next, you should be able to type in a custom time period like you mentioned.

                  And last, no, there isn't a way to see all conversations.  HTH.