Changes between Version 10 and Version 11 of netmon2017netflow
- Timestamp: Nov 21, 2017, 5:13:08 AM (7 years ago)
netmon2017netflow
v10 v11 265 265 - Pull the left half of the arrow to the left and the right half to the right, to select the time period of interest. Then you should see some summary statistics appear in the table below the graph, for the time period you have selected 266 266 267 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/ns2.png)]] 268 267 269 - List individual flows by Selecting "List Flows", make sure none of the "Aggregate" boxes are checked, and then click process. This will display some flows at the beginning of the time period. Click '''process'''. You will see the top flows below. 268 270 271 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/ns3.png)]] 272 269 273 - By selecting "bi-directional" you can get NfSen to associate the inbound and outbound flows into a single line 270 274 271 275 - If we know which host we want to examine, we can apply a filter to show only those flows to and from that host. Do this by entering "host x.x.x.x" in the filter box, and then pressing process again. (Replace x.x.x.x with the address of one of host PC) 272 276 277 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/ns4.png)]] 278 273 279 - The next thing we can do is to get NfSen to sort the flows by number of bytes. Remove any filter from the Filter box; select "Stat TopN", stat "Flow Records", order by "Bytes". Ensure all the aggregate boxes are all unchecked, then press process 280 281 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/ns5.png)]] 274 282 275 283 - NFsen can show you inbound traffic grouped by receiver IP address. which means showing the total amount of traffic delivered to that host. To do this, Stat "DST IP Address", order by "bytes". Then apply a filter which shows only traffic to your group's network: "dst net 192.248.6.0/24". Yo ucan do the same with a single host. 
276 284 285 [[Image(https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/ns6.png)]] 286 277 287 - By clicking on an IP address, you will get some information from reverse DNS and whois.
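Review bot: the five `[[Image(...)]]` macros added at v11 lines 267 to 285 hard-code the absolute URL `https://ws.learn.ac.lk/raw-attachment/wiki/netmon2017netflow/...`, although each screenshot is an attachment of this same page. Referring to the attachment by file name, for example `[[Image(ns2.png)]]`, keeps the images working if the wiki's host name or scheme changes and keeps the page from depending on a fixed origin. The images are also inserted without any caption or alt text, so a reader who cannot load them gets no hint of which NfSen panel each step refers to; a short caption per image would help. While these lines are open, the unchanged steps around them could be tidied: v11 line 269 tells the reader to click process twice, line 275 reads "one of host PC", and line 283 has "Yo ucan" and spells the tool "NFsen" where the rest of the page uses "NfSen".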