If you combine this with the Network QoE sensor form NPM 11, you should easily be able to identify exactly what you are looking for.
NTA will give you packet header information, specifically the 7 key fields outlined by NetFlow v5.
- Source IP Address
- Destination IP Address
- Source Port Number
- Destination Port Number
- Layer 3 Protocol Type
- Type of Service (ToS) byte value
- IfIndex (Logical Interface) Number
This is a tad bit limited as you generally don't see exact websites from Flow Data (in my experience). More accurately described, you will see your traffic patterns.
- In other words, you will be able to see the conversations, application port numbers, protocols, etc. of all the traffic leaving or coming into the layer 3 interface where you are generating flow data (usually a router interface). You will also see how much of the total bandwidth, with respect to that single interface, each of those metrics takes. So, 90% of the traffic for Gi0/0/1 is between Johnny Appleseed's IP address and this destination public IP address over port 80/HTTP. (notice I say, destination public IP address, not website URL. Sometimes you get a domain, sometimes you don't.)
Now, to be fair, this is still a HUGE leap ahead of the current visibility you have if you are not using Flow Data in your network analysis. So don't let it sound like NetFlow isn't the coolest thing since sliced bread.
However, if you add NPM 11's Network Sensor into the mix, then you automagically have insight into the exact use (and response times) of the packets passing the SPAN/Mirror port that your sensor watches. You can see how much use on that port goes to social media, legitimate business sites, online shopping, etc. (This is because we are now looking at the ENTIRE packet, not just the header). Now, you've got the coolest thing since the butter you put on your sliced bread. Imagine adding a live view of WireShark into your SolarWinds website, but with pretty colors and pie charts instead of lines of text running by the screen.
For reference:
http://www.solarwinds.com/documentation/Netflow/docs/NetFlowBasicsandDeploymentStrategies.pdf
Loop1 Systems: SolarWinds Training and Professional Services
- LinkedIN: Loop1 Systems
- Facebook: Loop1 Systems
- Twitter: @Loop1Systems