Table of Contents
Advertisement
Querying flows
Table 9-6
Drill-down-only reports
Report
Flows by source port
Flows by destination port
Flows by protocol
FlowChaser serves as a data source in coordination with Symantec Network
Security TrackBack, a response mechanism that traces a DoS attack or network
flow back to its source. The FlowChaser database can be queried for flows by
port and arbitrary address. The Network Security console displays both current
flow data and exported flow data, and provides secondary query options from
the results page.
Symantec Network Security provides query options as follows:
In Query Current Flows or Query Exported Flows
■
In Event Details, right-click the IP address to see the flow statistics
■
In Event Details of an Exported Related Flows, exported flows are displayed
■
The Network Security console retrieves a limited number of records for each
query, which prevents overloading memory, and displays the results in a table.
If more results are available, click Next Results to proceed.
This section includes the following:
Viewing current flows
■
Viewing exported flows
■
Playing recorded traffic
■
Description
This report lists the source ports of flows found on
devices with Flow Status Collection sensor mode enabled.
You can generate this report from within the Devices with
Flow Statistics report.
This report lists the destination ports of flows found on
devices with Flow Status Collection sensor mode enabled.
You can generate this report from within the Devices with
Flow Statistics report.
This report lists the protocols of flows found on devices
with Flow Status Collection sensor mode enabled. You
can generate this report from within the Devices with
Flow Statistics report.
Reporting
237
Querying flows
Advertisement
Table of Contents
