4 Replies Latest reply on Aug 31, 2012 8:30 AM by Adam Stephen

    Netflow Granular View Options

    Adam Stephen

      We have a fairly large environment. When you specify a flow through, for example, a Ten Gigabit connection, I want to view all traffic communicating on port 22 through that connection. The dashboard only shows the top 5 talkers. Is there any way to have the dashboard show an expanded view of smaller talkers than just the top 5?

      Another example would be a user complaining that they are having issues connecting to a SQL server, but we need to identify their station's traffic specifically. Their traffic, in the grand scheme of others on that specific switch, does not grant top 5 status. No other user has the same complaint and the SQL server is fine. In our department we have a lot of finger pointing going on. That user would, for example, be viewing a movie or have a rogue application pegging their PC's pipe. NetFlow could allow us to narrow down that his PC is the real issue. NetFlow could save us a lot of time in the game of passing the buck, so to speak. How could I tune NTA to allow for a more granular switch port view? I do have IP flow configured on all of our user and data switches on all static endpoints.

       

      Thanks in advance,

        • Re: Netflow Granular View Options
          jswan
          1. Use Flow Navigator to build:
            1. View Type: Detail
            2. Detail View Type: Interface
            3. Select the appropriate node and 10 GigE interface.
            4. Select the desired time period.
            5. Select SSH (tcp/22) as the application
            6. Click Submit
          2. On the "Top N Endpoints" element in the resulting page, click Edit, and change "Maximum Number of Items to Display" to 100
          3. Click Submit

           

          You'll now have a more granular view of SSH traffic (tcp/22) through that interface.

           

          Unfortunately there's no way to get more than 100 items or get it in a format other than TopN.

            • Re: Netflow Granular View Options
              Adam Stephen

              Jswan,

               

              I am fairly new to SolarWinds and NetFlow so I was a bit lost. Thanks for this answer as it was very insightful. I have a better understanding, after trying that example, of what I can really do with the NTA tool. I also got a few training videos on planning and implementation of NetFlow on multiple platforms and how to leverage them in SolarWinds NTA.

               

              Thanks,

            • Re: Netflow Granular View Options
              darragh.delaney

              Hi Adam,

              When it comes to monitoring user activity you may be able to see what’s happening by focusing on a number of network tap points at the core. This could include things like server, router and firewall connections. This approach would then allow you to leverage SPAN ports which can connect to deep packet inspection appliances or be converted to NetFlow using nprobe. This approach will avoid the complexities of trying to monitor all switch ports on the network.

               

              When it comes to getting usernames you may need to revert back to something like Active Directory logs to find what IP addresses are associated with what users.

               

              If you do want to get more information about what is communicating on port 22 you can get applications which connect to a SPAN port to give you more granular information than NetFlow. If you follow the link below you can see an example of this in action.

               

              https://demo.netfort.com/netmon/view.cgi?id=&rid=1000009

               

              This then could be presented within your Orion deployment as a custom HTML element like what can be seen in the right-hand column of this Orion view:

               

              http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=27

               

              Darragh

                • Re: Netflow Granular View Options
                  Adam Stephen

                  Darragh,

                   

                  Thanks for the demos. This looks like a good way to get a bird's-eye view of what I was talking about. Our main focus is to get problem resolution down to minutes instead of hours. I am not the body that makes the decisions but I will talk with my colleagues and see what their goals and aspirations are.

                   

                  Thanks Again,