IRP Resources

White Papers

Discover IRP features, review use cases and make informed decisions

Case Studies

Case studies and success stories to help in the decision-making process

Videos

Watch Noction IRP videos, screencasts and client testimonials

Manuals

Technical Noction IRP documentation, deployment instructions and datasheets

Tier 1 Reports

Get a first-hand network performance view of the major Tier 1 Carriers

IRP FAQ

See answers to the questions we get asked the most about Noction IRP

NFA Resources

NFA Documentation

Product overview, user guide and the deployment instructions documents

Tips and Tricks

Practical and useful info on NFA and the overall NetFlow analysis

NFA FAQ

A series of the most common NFA questions and answers

Guides & eBooks

View All Guides

6.1 Using Filters in Data Explorer

Measuring Traffic Volume to mysql. #

Description: Measure the total traffic volume (total octets, minimum, and maximum) directed to mysql.

Filter: Application Name is mysql,

Group By Application Name.

Monitoring Traffic for Remote Administration Activity #

Description: Monitor network traffic originating from the specific IP address 185.234.216.136 targeting ports commonly used for remote administration, such as SSH (port 22) and RDP (port 3389).

Filter: Source Address is 185.234.216.136 AND Destination Port is 22 OR Destination Port is 3389.

Verifying Traffic between Two Autonomous Systems #

Description: Verify traffic exchanged between two specific Autonomous Systems (AS).

Filter: Source AS is 62154 AND Destination AS is 31252.

Protocol Traffic Analysis #

Description: Analyze network traffic focusing on TCP and UDP protocols or use grouping to focus on specific fields or compare the amount of traffic.

Filter: Protocol is TCP OR Protocol is UDP.

Traffic Monitoring on Critical IP and Input Interface #

Description: Monitor network traffic destined for the IP address 4.87.0.0 specifically entering through input interface 16.

Filter: Destination Address is 4.87.0.0 AND Input Interface is 16.

Traffic Identification Based on BGP Communities #

Description: Monitor network traffic associated with the specified BGP community (31580:31580) directed towards the destination IP address 185.108.39.69.

Filter: Community is 31580:31580 AND Destination Address is 185.108.39.69.

Traffic Monitoring for ICMP and IGMP Protocols #

Description: Monitor ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) traffic to analyze ping requests and multicast group communication.

Filter: Protocol is ICMP OR Protocol is IGMP.

Traffic Monitoring for ssh on Input Interface 7 #

Description: Monitor traffic originating from input interface 7 specifically for the ssh to analyze its usage patterns.

Filter: Choose Application Name is ssh AND Input Interface is 7.

Traffic Analysis on Exporter IP Address #

Description: Monitor traffic that passes through the device 185.34.202.233 specifically to port 80 (HTTP) to analyze web access patterns.

Filter: Choose Exporter Address(Device) is 185.34.202.233 AND Destination Port is 80.

SNMP Management Traffic Analysis #

Description: Monitor SNMP (Simple Network Management Protocol) traffic specifically to port 161 to analyze network management requests and operations.

Filter: Destination Port is 161 AND Protocol is UDP.

Traffic Identification with Specific Local Preference #

Description: Analyze traffic with a BGP (Border Gateway Protocol) local preference of 100 originating from autonomous system 14618.

Filter: BGP Local Preference is 100 AND Source AS is 14618.

Traffic Analysis Based on a Specific AS Path #

Description: Monitor traffic following a specific AS (Autonomous System) path consisting of AS numbers 31252, 3356, 4837, and 17622.

Filter: Destination AS Path is 31252, 3356, 4837, 17622.

Traffic Identification Based on the Next Hop Address #

Description: Identify traffic based on the next hop address 95.65.8.137.

Filter: Next Hop is 95.65.8.137.

Analysis of Exported Traffic Based on Exporter ID #

Description: Analyze if exporter with ID 589824 is actually exporting or registering traffic on port 21 (FTP).

Filter: Destination Port is 21 AND Exporter ID is 589824.

Monitor and analyze HTTPS traffic originating from a source address with specific mask. #

Description: Monitor and analyze HTTPS traffic originating from the source address 193.163.125.224 with a specific mask of 24, targeting destination port 443.

Filter: Source Address is 193.163.125.224 AND Source Mask is 24 AND Destination Port is 443.

Traffic Monitoring to a Specific Domain #

Description: Monitor network traffic destined for a specific domain, using an FQDN (Fully Qualified Domain Name) filter for the domain “google.com.”

Filter: Destination FQDN Address is google.com.

HTTP Network Traffic Monitoring #

Description: Monitor network traffic that utilizes the HyperText Transfer Protocol (HTTP).

Filter: Destination Port is 80 AND Protocol is TCP.

Updated on Aug 7, 2024

Company News

Blog

About Us

Press Releases

Careers

Support

When Critical Infrastructure is Vulnerable: Rethinking Network Resilience

Noction IRP Quote

NFA Pricing