purview: report how to show bidirectional traffic

Our customer has a mid-size Network with Enterasys components S8 in the Core.


PurView, NAC-GW's and Netsight are Version 6.1.0.182. ALL ports from the S8 are policy based mirrored to the PurView Gateway.


The following simple request:


"Show me with which devices the D2 Switch with IP 10.255.255.150 talks SNMP"


If I start a "Report" with "Network Activity for a Client" and set the Client IP Address to 10.255.255.150, I can see 4 applications there: SNMP, NTP, ICMP and TFTP.

If I click on "SNMP" here, I see ALL mirrored SNMP traffic but NOT the device I searched for... (there are about 100 switches within that LAN).

What is the best way to fulfill this request?



Rainer Adam

Posted 3 years ago

Mike Thomas, Employee - GTAC - NMS

Rainer,
I have duplicated your results in the lab and discussed with development. The closest you can come to this is searching via the application flows for server=10.255.255.150, app=SNMP.
This is not "reporting data" as much as short-term flow data that is stored in the database for a short amount of time, typically not more than 4 hrs.

Thomas, Frank, Employee

An Active view is pretty easy
In the flow tab
"SIP=#SwitchIP,app=snmp"

Rainer Adam

I am sorry, but there is nothing to see: if I set the filter on Server (or also on Client) to the switch IP address, there is nothing to show. Those device(s) will be polled every 30 seconds by the Netsight Server, and CA Spectrum is also polling all the devices. So it could NOT happen that there was NO traffic from / to this switch within the last 4 hours. Maybe too little to hold it in the database, but that would be pretty bad if we cannot trust the data we see (or not).

I will open a GTAC Case for this.

Rainer Adam

Extreme Networks GTAC Case # (01127878)

Mike Thomas, Employee - GTAC - NMS

Rainer and I resolved this in the case.

Rainer Adam

YES, thanks again Mike for support.

It is very simple (if you know it ;) ). Go to "Application" and there to "Application flows"; on the right side you can see the "search" line. This is NOT simply a text field to search in. I REALLY recommend that you click on the help text and on "more" within it....