Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Understanding Netflow charts and measurements

Understanding Netflow charts and measurements

Table of contents
Created by Eric Bryant, last modified by MindTouch on Jun 23, 2016

Views: 235 Votes: 1 Revisions: 6

Overview

This article provides brief information on common misconceptions/misunderstandings between charts bit rates and measurements of the amount of data transferred over a period of time. 

 

Environment

All NTA versions

Detail

Above the graph displays a data point at 2.9 kbps. This is a data point for the rate the total data was sent at. This should not get confused with the amount of data transferred over the period of time set for the total traffic graph. As you can see below the graph it states how much total ingress and egress bytes sent. Bytes and a per second (kbps) data point are two different measurements. 

 

 

 

 

Example Graph explained in detail:

The data in the peak of the graph is not meant to match the data in the legend of the resource. The legend below the graph is an indication of the TOTAL AMOUNT of data for that protocol that occurred between the time of 11:45am and 12:15pm. The graph is giving a visual representation of how FAST the total amount of data came in relative to the time of the graph. If you look at the legend, it says 15.4 kbytes and 6.3 kbytes, not 15.4 kbps or 6.3 kbps as the peak of those. These are values indicating two separate aspects: data size and data rate. So by looking at the chart, you can see that 21.7 kbytes (ingress and egress combined) worth of TCP based data came in one spike at a rate of 2.9kbps at the time of 11:54am. The peak information in the graph is not meant to be stating 2.9kb of total data came in at that exact time, it’s designating that it came in at a RATE or SPEED of 2.9kbps. Total data received and how fast that data arrived are not the same thing, but they are part of the same coin.

 

 

 

 

Last modified
21:00, 22 Jun 2016

Tags

Classifications

Public