I have Real-time Netflow Analyzer monitoring a Cisco router which is our gateway to the Internet. I just installed a software on an internal client and the software goes on to the Internet to download updates which are about 100MB total. While the software is downloading, it says it's using about 200KB/sec (It stays around 200KB/sec steadily). In the meantime, I run Real-time Netflow Analyzer on the router's external interface and try to see if the number match what the client is using. In the "Endpoint Window," it says that particular client has:
Total Traffic column : this increases over time but peak 270KB/sec
What puzzles me is the number 270KBsec in the analyzer (increasing over time) does not match 200KB/sec above (pretty steadily around 200). So basically I don't understand the true meaning of "Total Traffic" column in both "Endpoints" and "Conversation" windows. Could someone clarify?
Thank you as always!
It is hard to say as I have no insight to how the other app measures data flow but in Realtime Netflow you are seeing the IP traffic that the Cisco router is marking as flows. Total traffic the the total traffic observed for that entity since RT Netflow was launched on that flow.