Measuring Traffic Volume to http #
Description: Measure the total traffic volume (total octets, minimum, and maximum) directed to http.
Filter: Application Name is http, Group By Application Name.
Monitoring Traffic for Remote Administration Activity #
Description: Monitor network traffic originating from the specific IP address 185.34.203.32 targeting ports commonly used for remote administration, such as SSH (port 22) and RDP (port 3389).
Filter: Source Address is 185.34.203.32 AND (Destination Port is 22 OR Destination Port is 3389).
Verifying Traffic between Two Autonomous Systems #
Description: Verify traffic exchanged between two specific Autonomous Systems (AS).
Filter: Source AS is 62154 AND Destination AS is 54113.
Protocol Traffic Analysis #
Description: Analyze TCP and UDP traffic. Group the result by protocol, source address and destination address to compare the amount of traffic per conversation.
Filter: Protocol is TCP OR Protocol is UDP, Group By Protocol, Source Address, Destination Address.
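The filters above (volume to http grouped by application, remote-administration ports from one source, TCP/UDP conversations grouped by protocol and endpoints) are all a predicate over flow records followed by an optional Group By aggregation. The following is an added example, not code from this page or its product, that evaluates those three filters over a handful of constructed flow records; the `Flow` fields and the sample addresses are assumptions made for the example:

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed sample flow records for this example (not data from the page).
# The field names mirror the filter attributes used above: application name,
# source/destination address and port, protocol, input interface, octets.
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    app: str
    in_if: int
    octets: int


FLOWS: List[Flow] = [
    Flow("10.0.0.5", "185.34.203.80", 51000, 80, "tcp", "http", 546, 1500),
    Flow("10.0.0.6", "185.34.203.80", 51001, 80, "tcp", "http", 546, 300),
    Flow("185.34.203.32", "10.0.0.7", 40000, 22, "tcp", "ssh", 7, 4200),
    Flow("185.34.203.32", "10.0.0.8", 40001, 3389, "tcp", "rdp", 7, 9000),
    Flow("185.34.203.32", "10.0.0.9", 40002, 443, "tcp", "https", 7, 700),
    Flow("10.0.0.5", "224.0.0.1", 0, 0, "igmp", "igmp", 546, 60),
    Flow("10.0.0.6", "10.0.0.7", 52000, 161, "udp", "snmp", 546, 120),
]


def select(flows: Iterable[Flow], predicate: Callable[[Flow], bool]) -> List[Flow]:
    """Apply a filter expression (the 'Filter:' line) to a set of flow records."""
    return [f for f in flows if predicate(f)]


def group_by(flows: Iterable[Flow], *fields: str) -> Dict[Tuple, Dict[str, int]]:
    """Aggregate octets per distinct combination of the named fields ('Group By').

    Each group carries the flow count plus the total, minimum and maximum
    octets of a single flow, i.e. the numbers a volume report returns.
    """
    groups: Dict[Tuple, Dict[str, int]] = {}
    for f in flows:
        key = tuple(getattr(f, name) for name in fields)
        g = groups.get(key)
        if g is None:
            groups[key] = {"flows": 1, "total": f.octets, "min": f.octets, "max": f.octets}
        else:
            g["flows"] += 1
            g["total"] += f.octets
            g["min"] = min(g["min"], f.octets)
            g["max"] = max(g["max"], f.octets)
    return groups


def http_volume(flows: Iterable[Flow]) -> Dict[Tuple, Dict[str, int]]:
    """'Application Name is http', grouped by Application Name."""
    return group_by(select(flows, lambda f: f.app == "http"), "app")


def remote_admin_from(flows: Iterable[Flow], source: str) -> List[Flow]:
    """'Source Address is <source> AND (Destination Port is 22 OR Destination Port is 3389)'."""
    return select(flows, lambda f: f.src == source and f.dport in (22, 3389))


def tcp_udp_conversations(flows: Iterable[Flow]) -> Dict[Tuple, Dict[str, int]]:
    """'Protocol is TCP OR Protocol is UDP', grouped by protocol, source and destination."""
    return group_by(select(flows, lambda f: f.proto in ("tcp", "udp")), "proto", "src", "dst")


if __name__ == "__main__":
    for key, stats in http_volume(FLOWS).items():
        print("http volume", key, stats)
    for f in remote_admin_from(FLOWS, "185.34.203.32"):
        print("remote admin", f.src, "->", f"{f.dst}:{f.dport}", f.app)
    for key, stats in sorted(tcp_udp_conversations(FLOWS).items()):
        print("conversation", key, stats["total"], "octets")
```

Note that the remote-administration filter keeps the parentheses: without them, `Source Address is X AND Destination Port is 22 OR Destination Port is 3389` would also return every RDP flow from any source.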
Traffic Monitoring on Critical IP and Input Interface #
Description: Monitor network traffic destined for the IP address 185.34.203.80 specifically entering through input interface 546.
Filter: Destination Address is 185.34.203.80 AND Input Interface is 546.
Traffic Identification Based on BGP Communities #
Description: Monitor network traffic associated with the specified BGP community (174:21101) directed towards the destination IP address 3.71.212.179.
Filter: Community is 174:21101 AND Destination Address is 3.71.212.179.
Traffic Monitoring for ICMP and IGMP Protocols #
Description: Monitor ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) traffic to analyze ping requests and multicast group communication.
Filter: Protocol is ICMP OR Protocol is IGMP.
Traffic Monitoring for ssh on Input Interface 7 #
Description: Monitor traffic entering through input interface 7 for the ssh application to analyze its usage patterns.
Filter: Application Name is ssh AND Input Interface is 7.
SNMP Management Traffic Analysis #
Description: Monitor SNMP (Simple Network Management Protocol) traffic to UDP port 161 to analyze network management requests (get and set operations). SNMP traps and informs are sent to UDP port 162 and are not matched by this filter.
Filter: Destination Port is 161 AND Protocol is UDP.
Traffic Identification with Specific Local Preference #
Description: Analyze traffic with a BGP (Border Gateway Protocol) local preference of 100 originating from autonomous system 9002.
Filter: BGP Local Preference is 100 AND Source AS is 9002.
Traffic Analysis Based on a Specific AS Path #
Description: Monitor traffic following a specific AS (Autonomous System) path consisting of AS numbers 25454, 9002, 58453, 9808, 24547.
Filter: Destination AS Path is 25454, 9002, 58453, 9808, 24547.
Traffic Identification Based on the Next Hop Address #
Description: Identify traffic based on the next hop address 185.34.202.14.
Filter: Next Hop is 185.34.202.14.
Analysis of Exported Traffic Based on Exporter ID #
Description: Check whether the exporter with ID 589824 is actually exporting flow records for traffic on port 22 (SSH).
Filter: Destination Port is 22 AND Exporter ID is 589824.
Monitoring HTTPS Traffic from a Source Address with a Specific Mask #
Description: Monitor and analyze HTTPS traffic originating from the source address 92.118.39.237 with a source mask (prefix length) of 24, targeting destination port 443. The filter matches the flow's source address and source mask fields exactly; it does not by itself match other hosts in 92.118.39.0/24.
Filter: Source Address is 92.118.39.237 AND Source Mask is 24 AND Destination Port is 443.
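The routing-attribute filters above (BGP community to a destination, local preference from a source AS, an exact AS path, and source address with source mask) compare fields the exporter attaches to each flow rather than the packet headers. The following is an added example, not code from this page or its product, that evaluates those filters over constructed flow records and also shows two looser variants a practitioner often wants next to them: CIDR containment instead of an exact address-plus-mask match, and "AS path transits AS N" instead of an exact path. The `BgpFlow` fields and the sample records are assumptions made for the example:

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Sequence, Tuple

# Constructed sample flow records carrying routing attributes (not data from the
# page): source mask, AS numbers, BGP local preference, communities, AS path
# and next hop, as exported alongside each flow.
@dataclass(frozen=True)
class BgpFlow:
    src: str
    src_mask: int
    dst: str
    dport: int
    src_as: int
    dst_as: int
    local_pref: int
    communities: FrozenSet[str]
    as_path: Tuple[int, ...]
    next_hop: str


FULL_PATH = (25454, 9002, 58453, 9808, 24547)

BGP_FLOWS: List[BgpFlow] = [
    BgpFlow("92.118.39.237", 24, "3.71.212.179", 443, 9002, 54113, 100,
            frozenset({"174:21101"}), FULL_PATH, "185.34.202.14"),
    # Same host, but exported with a /32 source mask (host route): not matched
    # by 'Source Mask is 24', although it is inside 92.118.39.0/24.
    BgpFlow("92.118.39.237", 32, "3.71.212.179", 443, 9002, 54113, 100,
            frozenset(), (25454, 9002, 24547), "185.34.202.14"),
    BgpFlow("92.118.39.200", 24, "3.71.212.179", 80, 9002, 54113, 200,
            frozenset({"174:21101"}), FULL_PATH, "185.34.202.14"),
    BgpFlow("92.118.40.10", 24, "10.0.0.1", 443, 62154, 54113, 100,
            frozenset({"174:21101", "174:22000"}), (62154, 54113), "185.34.202.99"),
]


def https_from_prefix(flows, address: str, mask: int) -> List[BgpFlow]:
    """'Source Address is <address> AND Source Mask is <mask> AND Destination Port is 443'.
    Both the address and the exported source mask must match exactly."""
    return [f for f in flows if f.src == address and f.src_mask == mask and f.dport == 443]


def https_from_network(flows, network: str) -> List[BgpFlow]:
    """Looser variant: HTTPS from any source inside a CIDR block, regardless of
    the mask the exporter attached to the flow."""
    net = ipaddress.ip_network(network)
    return [f for f in flows if ipaddress.ip_address(f.src) in net and f.dport == 443]


def exact_as_path(flows, path: Sequence[int]) -> List[BgpFlow]:
    """'Destination AS Path is 25454, 9002, ...': the whole ordered path must match."""
    return [f for f in flows if f.as_path == tuple(path)]


def as_path_contains(flows, asn: int) -> List[BgpFlow]:
    """Looser variant: any flow whose AS path transits the given AS."""
    return [f for f in flows if asn in f.as_path]


def community_to(flows, community: str, dst: str) -> List[BgpFlow]:
    """'Community is 174:21101 AND Destination Address is 3.71.212.179'."""
    return [f for f in flows if community in f.communities and f.dst == dst]


def local_pref_from_as(flows, pref: int, src_as: int) -> List[BgpFlow]:
    """'BGP Local Preference is 100 AND Source AS is 9002'."""
    return [f for f in flows if f.local_pref == pref and f.src_as == src_as]


if __name__ == "__main__":
    print(len(https_from_prefix(BGP_FLOWS, "92.118.39.237", 24)), "flow(s) by exact address+mask")
    print(len(https_from_network(BGP_FLOWS, "92.118.39.0/24")), "flow(s) by CIDR containment")
    print(len(exact_as_path(BGP_FLOWS, FULL_PATH)), "flow(s) on the full AS path")
    print(len(as_path_contains(BGP_FLOWS, 9002)), "flow(s) transiting AS 9002")
```

The second record illustrates the caveat in the description: the same host exported with a /32 source mask is inside 92.118.39.0/24 but fails `Source Mask is 24`, so pick the exact-field form when you are checking what the router exported and the containment form when you are asking which hosts talked.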
Traffic Monitoring to a Specific Domain #
Description: Monitor network traffic destined for a specific domain, using an FQDN (Fully Qualified Domain Name) filter for the domain "google.com".
Filter: Destination FQDN Address is google.com.