
Detailed flow information

FormerMember

Greetings

I'm new to NPM and NTA. I have successfully managed to make the NetFlow traffic from my switch go through the NTA.

I viewed some of the parameters regarding the flows like destination and source IP address.

Is there a way I can see more parameters about a flow like the protocol used, and especially the start and end time of the transmission, like the timestamp signifying the first and the last packet? I have already set the NetFlow record in my switch to collect all this information.

  • Hi There,

    If you are using NetFlow version 5, then the following fields are available when you drill down within NTA:

    • Source IP address
    • Destination IP address
    • IP protocol
    • Source port for UDP or TCP, 0 for other protocols
    • Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols
    • IP Type of Service
    • Timestamps for the flow start and finish time

    An example of this is shown below which I took from the SolarWinds online demo.

    [Image: Flows.JPG]

    If you are interested in getting information about packets then you need to consider a SPAN or mirror port rather than NetFlow. All managed switches have this feature and it gives you access to more information associated with packets, especially their content.

    From my understanding of the database architecture within NTA, the detail mentioned above is only available for records collected within the last hour. After that, the data is summarized on an hourly basis. Packet capture applications which integrate with Orion can extend this if you want to keep detailed records for longer.

    Hope this helps,

    Darragh
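The NetFlow v5 fields listed in the reply above, decoded from a raw export datagram, as an added example that is not part of the original thread and not SolarWinds code. It assumes the standard v5 header and record layout; the sample datagram, its addresses and the function names are constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs, nsecs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    export_time = secs + nsecs / 1e9

    def wall(ms):
        # First/Last are exporter uptime in ms; anchor them to the header's
        # wall-clock export time (uptime counter wraparound is not handled).
        return datetime.fromtimestamp(export_time - (uptime_ms - ms) / 1000,
                                      tz=timezone.utc)

    flows = []
    for i in range(count):
        (src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport,
         _pad, _flags, proto, tos, *_rest) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flow = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                "proto": proto, "sport": sport, "dport": dport, "tos": tos,
                "packets": pkts, "octets": octets,
                "start": wall(first), "end": wall(last)}
        if proto == 1:  # ICMP: destination port field carries type and code
            flow["icmp_type"], flow["icmp_code"] = dport >> 8, dport & 0xFF
        flows.append(flow)
    return flows

def sample_datagram():
    """Constructed export: one TCP flow and one ICMP echo request."""
    a = socket.inet_aton
    hdr = HEADER.pack(5, 2, 100000, 1700000000, 0, 1, 0, 0, 0)
    tcp = RECORD.pack(a("192.0.2.10"), a("198.51.100.20"), a("0.0.0.0"), 1, 2,
                      10, 5200, 40000, 70000, 49152, 443, 0, 0x1B, 6, 0,
                      0, 0, 24, 24, 0)
    icmp = RECORD.pack(a("192.0.2.10"), a("203.0.113.5"), a("0.0.0.0"), 1, 2,
                       1, 84, 90000, 95000, 0, 0x0800, 0, 0, 1, 0,
                       0, 0, 24, 24, 0)
    return hdr + tcp + icmp

if __name__ == "__main__":
    for f in parse_v5(sample_datagram()):
        print(f)
```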

  • FormerMember
    0 FormerMember in reply to darragh.delaney

    Thank you for your reply.

    I'm using NetFlow version 9 and my switch is Cisco Nexus 1000V. I know that the switch is capable and set to collect the fields you mentioned.

    I just want to know how I can view the values of these fields through the NPM web interface.

    I'm afraid I can't use anything else apart from NetFlow to collect this data, as I'm a student and I have to stick to my NetFlow assignment.

    I'm interested in getting detailed information about the fields you mentioned regarding an application flow, not for a single packet, and this has to be done by using NetFlow. Besides, I'm perfectly sure that NetFlow is more than enough to provide this information as it's used professionally to monitor network performance.

  • The SolarWinds NTA database discards a lot of the detailed NetFlow information during its flow summarization process. Today, there's no way to view flows with all the details you list in your post. There are high-end commercial flow products that are oriented towards detailed flows. In the open-source world, I believe that flow-tools and nfdump will both do what you ask.

  • Apologies, did not know you are using v9. My response was assuming you were running v5. I must get with the times.

    As Jerold suggests there are a lot of interesting tools out there for processing v9