Visualizing Traffic Flows

The main purpose of NetFlow traffic decomposition module is visualization of network traffic in different aspects.

The primary entry point to NetFlow traffic visualization is NetFlow Traffic Summary dashboard. This dashboard

comprises widgets and tables displaying network traffic structure and volume. The dashboard is initially showing an overview of the whole network traffic. It offers a filter for selecting types of traffic to display according to its date/time range, direction, sensor, interface, application, country, source/destination address, protocol, type of service, autonomous system, and more.

The traffic summary dashboard includes several pie charts and tables:

  • Filter displays current settings of Top 10 widgets. It also helps to specify selection according to various criteria. E.g., according to several ports (22 80-100), sub-networks (192.168.75.0/24) or range (192.168.1.1-192.168.1.10)
  • Top 10 Sensors displays sensors statistics by the volume of reported traffic.
  • Top 10 Interfaces shows sensor interfaces that has reported a lot of traffic.
  • Top 10 Conversations shows pairs of nodes with the most active traffic exchange.
  • Top 10 Applications shows applications/ports that produced/consumed a lot of traffic.
  • Top 10 Countries displays per-country traffic statistics. It's showing private network traffic separately.
  • Top 10 Endpoints displays traffic volume for most active network nodes (regardless to whether they're located in LAN/WAN or Internet).
  • Top 10 Protocols shows distribution of traffic by protocols.
  • Top 10 Types of Service displays traffic statistics grouped by types of service specified in IP packet headers.
  • Top 10 Autonomous Systems displays traffic volume distribution by autonomous systems. This information is provided only by certain models of flow exporters and flow collection protocols.

The second dashboard used for traffic analysis is Endpoint Details dashboard. It allows to view detailed traffic information for a specific network node. The dashboard visualizes temporal distribution of the traffic by employing a number of area charts:

  • Total Bytes Transferred
  • Total Packets Transferred
  • Top 5 Applications
  • Top 5 Protocols
  • Top 5 Conversations
  • Top 5 Types of Service
  • Top 5 Source Countries
  • Top 5 Destination Countries
  • Top 5 Autonomous Systems

Was this page helpful?