Hello;
How can I search in NetFlow for conversations and get the source and destination ports?
For example:
Server A IP 10.10.10.10 is transmitting huge traffic to 3 servers (172.16.16.1, 172.16.16.2, 172.16.16.3)
Thank you
To get destination port information, use the Applications filter in Flow Navigator, or use the Top N Applications report under "Historical NetFlow Reports" in the Reports page.
Unfortunately I don't think there's a way to get source port information out of NTA.
NTA only stores one of the ports. The rule is as follows: "Not monitored or higher port number out of tuple [src_port; dst_port] is replaced by value 0, in meaning of random high port".
Example:
Conversation with src_port 80 (monitored) and dst_port 16542 (not monitored) is stored as 80-0, reported as http - random high port;
Conversation with src_port 1006 (not monitored) and dst_port 6343 (monitored) is stored as 0-6343, reported as random high port - sflow;
Conversation with src_port 6343 (monitored) and dst_port 80 (monitored) is stored as 0-80, reported as random high port - http;
Conversation with src_port 1006 (not monitored) and dst_port 16542 (not monitored) is stored as 1006-0 internally, reported as unmonitored application (port 1006) - random high port;
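The storage rule from the reply above, as an added example that is not part of the original thread and not SolarWinds code: it models the rule in Python and shows how flows with different ephemeral ports collapse into a single stored conversation, which is why the original source port cannot be recovered afterwards. The monitored port set, the function names, the flow records and the handling of equal ports are assumptions.

```python
from collections import defaultdict

# Assumed monitored-application ports, taken from the reply's examples (http, sFlow).
MONITORED_PORTS = {80, 6343}

def stored_ports(src_port, dst_port, monitored=MONITORED_PORTS):
    """Return the (src, dst) pair as the reply says NTA stores it; 0 = random high port."""
    src_mon, dst_mon = src_port in monitored, dst_port in monitored
    if src_mon != dst_mon:
        # Exactly one side is monitored: the unmonitored port is replaced by 0.
        keep_src = src_mon
    else:
        # Both or neither monitored: the higher port is replaced by 0.
        # Equal ports are not covered by the reply; keeping src is an assumption.
        keep_src = src_port <= dst_port
    return (src_port, 0) if keep_src else (0, dst_port)

def aggregate(flows, monitored=MONITORED_PORTS):
    """Sum bytes per stored conversation key (src_ip, dst_ip, stored_src, stored_dst)."""
    totals = defaultdict(int)
    for src_ip, src_port, dst_ip, dst_port, nbytes in flows:
        s, d = stored_ports(src_port, dst_port, monitored)
        totals[(src_ip, dst_ip, s, d)] += nbytes
    return dict(totals)

# Constructed sample flow records (not real data), using the addresses from the question.
SAMPLE_FLOWS = [
    ("10.10.10.10", 51001, "172.16.16.1", 80, 4_000_000),
    ("10.10.10.10", 51002, "172.16.16.1", 80, 6_000_000),
    ("10.10.10.10", 49877, "172.16.16.2", 6343, 1_500_000),
    ("10.10.10.10", 1006, "172.16.16.3", 16542, 9_000_000),
    ("10.10.10.10", 1006, "172.16.16.3", 20011, 1_000_000),
]

if __name__ == "__main__":
    # Five raw flows become three stored conversations; ephemeral ports are gone.
    for key, total in sorted(aggregate(SAMPLE_FLOWS).items()):
        print(key, total)
```

If per-flow source ports matter for an investigation, they have to be captured from the raw flow export or a packet capture before this normalization happens.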