NetFlow Analyzer shows valuable information about traffic and bandwidth being utilized on an interface. Reports are displayed about traffic based on volume, speed, utilization and packets and you can also see the source, destination and conversations pertaining to the traffic. All this information is shown on an IN and OUT basis.
One might wonder what the IN and OUT information for different report means. The reports on traffic IN shows the traffic that came into the interface and OUT shows the traffic that went out of the interface. That was simple enough but what about source, destination and conversations IN and OUT?
This too is very easy to understand and to explain this, we will make use of a small scenario. Consider a router with two interfaces, one connected to the LAN and the other connected to the WAN. Here, traffic exchange is taking place between the IP Addresses 68.180.206.184 which lies on the Internet and 192.16.1.82 which is in the local network.
When looking at reports for the WAN interface, the Source tab shows you the source of all traffic passing through this interface. Here, Source IN shows the source IP Addresses of the traffic that came into the network through the WAN interface (from the Internet in this case) and Source OUT shows the the source IP Addresses of the traffic that went OUT of this interface to the internet (in this case, from the LAN).
So, in the scenario, if there is traffic from the IP Address 68.180.206.184 to the LAN IP Address of 192.16.1.82, the Source IN will have the IP Address 68.180.206.184 as this IP Address is the source of traffic that came into the WAN Interface. When the LAN IP 192.16.1.82 sends information back to the public IP Address, the Source OUT will have the IP Address 192.16.1.82 because this is the source of traffic that went OUT of the WAN interface.
The Destination tab in NetFlow Analyzer shows the destination of all traffic that passed through a monitored interface. So, for the WAN interface, Destination IN shows the destination of traffic that came into the interface and Destination OUT shows the destination of traffic that went OUT of the WAN interface.
In the scenario where traffic was from 68.180.206.184 to the LAN IP Address of 192.16.1.82, the Destination IN is 192.16.1.82 because this was the destination of traffic that came into the WAN interface. During the return conversation, the IP Address 192.16.1.82 sends traffic with the destination IP Address as 68.180.206.184 and so this is the Destination OUT.
Coming to the conversation, the traffic exchange from the IP Address 68.180.206.184 to the IP Address 192.16.1.82 is a single conversation and this came into the WAN interface. So, this conversation will form the Conversation IN for the WAN interface. When the local IP Address 192.16.1.82 was sending traffic back to the public IP Address 68.180.206.184, this was a conversation that went out of the WAN interface and so forms the Conversation OUT.
Hope this will have cleared a bit of doubt anyone might have had on traffic being displayed in NetFlow Analyzer. So, all these reports based on IN and OUT should help you know the ins and outs about your network traffic.
Thanks and Regards,
Don Thomas Jacob
Hi,
The reports displayed in the product is based on the NetFlow packets generated by the router. The possible reason for all traffic to show with the actual WAN IP Address is that the traffic is reaching the device through a tunnel terminated on the WAN interface.
Please email your contact details along with an issue description to support@netflowanalyzer.com and we will assist you to resolve the issue.
Thanks for this simple explaining. I’ve got an undersanding at last. 🙂 But one thing I didn’t understand is why in my WAN interface report the DestinationIN has only one ip-address (ip-address of WAN interface) instead of LAN IP-addresses? Could you tell me, please.
Thanks for this simple explaining. I’ve got an undersanding at last. But one thing I didn’t understand is why in my WAN interface report the DestinationIN has only one ip-address (ip-address of WAN interface).
Very Good one and Very Useful.
thanks.
Good one and very useful.
Steve
Thanks, Don,
That was very useful.
Time