Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Netflow Traffic Analyzer (NTA) > No NetFlow data from a specific node

No NetFlow data from a specific node

Created by Brian O'Donovan, last modified by MindTouch on Jun 23, 2016

Views: 45 Votes: 1 Revisions: 3

Overview

This article addresses the issue where there is no NetFlow data from a specific node.

Environment

All NTA versions

Cause 

This can occur because of the following reasons:

  • Device is not configured properly.
  • ACL or Firewall is blocking NetFlow data.

Resolution

These types of issues need to be investigated using Wireshark or other similar packet analysis software.

Collect a Wireshark capture on the Orion server and configure the capture filter as follows:

  • host %ip address% && udp port 2055 
  • replace %ip address% with the ip address of the device exporting NetFlow
  • UDP Port 2055 assumes default NetFlow Collection port

If there are no packets detected, then there is no NetFlow data getting to the Orion server. This indicates that this issue is external to Orion / NTA and needs to be investigated by user.

 

 

Last modified
20:38, 22 Jun 2016

Tags

Classifications

Public