I love Real-Time NetFlow Analyzer but am puzzled by the numbers it collected from my Cisco router. It seems to collect only the "total" numbers.
My goal is to be able to identify the biggest bandwidth consumer at ANY moment.
In the traffic conversation window, it has columns like "Total Traffic," "Total Packets," and "Traffic Percentage." Since they are "total" numbers, I suppose there could be a conversation that consumes 1Kb/sec for 1200 secs (which yields to 1.2Mb for "Total Traffic") while there is another conversation that consumes 200Kb/sec for 4 secs (which yields only 0.8Mb). If I only look at the total values, I'd say the first conversation has more traffic but in fact I am hunting down the 2nd conversation for my purpose. Is there way to identify 2nd conversation as the culprit in the above scenerio?