Nodes Traffic
This is the main Netflow module. Knowledge about nfdump and the tcpdump filter syntax is helpful here.
The NetFlow data uses local Unix timestamps, which are not adjusted to the client's timezone if that differs!
- The 1st select box lets you choose the columns to aggregate by (defaults to proto, src/dst and src/dst port)
- The 2nd determines sorting
- The 3rd lets you select the flow source(s)
- The textbox allows for using a filter (some templates above)
- IPs are checked against the dns, arp, nodes, network and devices tables, and an icon is set accordingly
- The slider adjusts the start time (it can also be set with the datepicker by double-clicking the time field)
- You can add a graph such as a pie chart, Sankey or RRD (the latter does not adjust to the displayed traffic)
- Enabling name lookup uses DNS and whois (storing the result in the netinfo table, which can take a moment)
- Clicking on the sources and destinations cycles the filter (src/dst ip, ip, src/dst net, net) for quick changes
- Create an alert policy from an applied filter by clicking the corresponding icon (requires System-Policy)