1 Reply Latest reply on May 29, 2015 4:28 PM by darragh.delaney

    ISP cached servers taking over NTA


      Our ISP has started to use a cache server and now NTA is pretty useless. The odd thing is I don't see these cached server when running reports on our web filter it still shows the actual internet domain instead of the ISP cached server. How can I fix this so NTA is usable again?


      For example if I view top endpoints its full of hostnames like below instead of seeing the actual hostname


      ggc.isp.com (ip address)

      ggc.isp.com (ip address)

      akm.isp.com (ip address)


      Its even worse when looking at top conversations, since the ISP is caching things like google, netflix, apple, amazon I lost the ability to see what is consuming all the internet bandwidth. Conversations look like this


      Between internal PC and ggc.isp.com (IP)

      Between internal PC and ggc.isp.com (IP)

      Between internal PC and akm.isp.com (IP)


      What can be done? Is this a NTA DNS issue, a netflow issue? Again if I view top domains on my webfilter I don't have this problem.

        • Re: ISP cached servers taking over NTA

          Hi string6

          The problem with flow analysis is that it is doing a reverse lookup on the IP addresses and it is getting your ISP domain names. The only way around this from what I know is to deploy deep packet inspection which can look at the HTTP headers and extract the actual domain names. See below for a video which shows how a product called LANGuardian could be used to report on Internet usage through the SolarWinds interface. This is an example of how DPI can be used to report on proper domain usage.


          Hope this helps,