I am trying to help understand our netflow data. We have some external traffic that's passed through an external firewall, and netflow is collected on the internal core switch. Attached is a screenshot of the netflow data. The internal IP has been removed. We know that the connection originated externally, but how come there wasn't any more of the netflow from the source address? (The source port shows the connections.) Is this expected, or is some netflow data perhaps missing?
Netflow Data
-
CFT6Server
- Posts: 506
- Joined: Wed Apr 15, 2015 4:21 pm
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: Netflow Data
Is it most certainly NOT NATted? The capture engine can only grab data from the most recent translation if so; the NAT engine is the keeper of anything else.
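The point raised in the reply above, as an added example that is not part of the original thread: if the firewall translates addresses, flow records exported by the core switch carry only the translated tuple, so the original external endpoint has to be looked up in the firewall's own translation log. The record layouts, field names, addresses and the 5-second clock-skew allowance below are constructed assumptions, not any product's format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class NatEntry:            # one translation-log line (hypothetical layout)
    start: datetime
    end: datetime
    proto: str
    orig_ip: str           # address before translation
    orig_port: int
    xlat_ip: str           # address the core switch sees
    xlat_port: int

@dataclass(frozen=True)
class Flow:                # one flow record exported by the core switch
    first_seen: datetime
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def original_source(flow: Flow, nat_log, skew=timedelta(seconds=5)) -> Optional[NatEntry]:
    """Return the NAT entry whose translated tuple and lifetime cover the flow."""
    hits = [e for e in nat_log
            if (e.proto, e.xlat_ip, e.xlat_port) == (flow.proto, flow.src_ip, flow.src_port)
            and e.start - skew <= flow.first_seen <= e.end + skew]
    # Translated ports are reused over time, so prefer the latest matching entry.
    return max(hits, key=lambda e: e.start, default=None)

# Constructed sample data (documentation address ranges), not taken from the thread.
T0 = datetime(2024, 1, 1, 12, 0, 0)
def at(seconds):
    return T0 + timedelta(seconds=seconds)

NAT_LOG = [
    NatEntry(at(0), at(60), "tcp", "203.0.113.7", 51000, "192.0.2.1", 40001),
    NatEntry(at(300), at(360), "tcp", "198.51.100.9", 40222, "192.0.2.1", 40001),
]
FLOWS = [
    Flow(at(2), "tcp", "192.0.2.1", 40001, "10.0.0.5", 443),
    Flow(at(310), "tcp", "192.0.2.1", 40001, "10.0.0.5", 443),   # same port, reused later
    Flow(at(2), "tcp", "192.0.2.1", 40999, "10.0.0.5", 443),     # no log entry
]

if __name__ == "__main__":
    for f in FLOWS:
        e = original_source(f, NAT_LOG)
        print(f.src_ip, f.src_port, "->", f"{e.orig_ip}:{e.orig_port}" if e else "no translation on record")
```

A flow that matches no entry is the case to investigate: either no translation applies on that path, or the translation log does not cover that time window.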