Administrator Handbook Table of contents version française LinkedIn social network LinkedIn social network LinkedIn social network LinkedIn social network Share on social media

Working on Netflow Table


Working on Netflow Table

The Netflow table provide flow statistics collected by the Netflow Collector Plug-in.

You can immediatly start a query, this one will provide a table of the flow statistics orderer by time and date, the older one first.

The table display can be customized to your need. Each column can be added or removed before a query.

Some of the columns can be used to make a sort by ascending order

Keyword Description
version Netflow version
host_id IP address of the router sending the Netflow datagram
engine_type Type of flow switching engine (RP,VIP,etc.)
engine_id Slot number of the flow switching engine
flos_sequence Sequence number of total flows seen
ip_src Source IP address of the flow
ip_dst Destination IP address of the flow
srcport Source port (define application type)
dstport Destination port (define application type)
nexthop Next hop IP address
input Input interface
output Output interface
dPkts Number of Packets sent to this destination
dOctets Number of Bytes sent to this destination
prot Prot field
first start of flow timestamp
last end of flow timestamp
src_subnet Source subnet
dst_subnet Destination subnet
src_mask Source subnet mask
dst_mask Destination subnet mask
src_user_subnet Source user subnet
dst_user_subnet Destination user subnet

src_as
Source autonomous system
dst_as Destination autonomous system
protocol Protocol (srcport, dstport, and prot lookup)
tos Type of service

Example of table with only the source, destination IP address and the application (port number resolved) and sort by application.

Th filter options allow you to extract data form the base on multiple criteria.

You can filter by :

IP source address The source IP address of the flow
Source Port number The source port number
IP destination address The destination IP address of the flow
Destination port number The destination port number (the application)
Timestamp

The time stamp of the Flow compare to now


Prot
The protocol number (TCP=6; UDP=17)

Two options allows you to resolv the port number. This option works when the application table is available and filled.

By default the destination port is resolved. You see the application name near the port number.


 


www.loriotpro.com