Flowmon app configuration

Main settings

Flowmon API address

Flowmon web console address Same as API address

Username

Password

Timeout for components loading (ms)

Connection options:

Enable certificate validation

Proxy setup

Use proxy

Flows output format

Search in table:

Amounts Bytes (byt) Flows (fl) Packets (pkt) Bytes per packet (bpp) Bits per second (bps) Packets per second (pps) Input Packets (ipkt) Output Packets (opkt) Input Bytes (ibyt) Output Bytes (obyt)

IP Source IP address (sa) Destination IP address (da) Source port (sp) Destination port (dp) Flow source IP address (ra) Protocol (pr) TCP Flags (flg)

Autonomous Systems Source AS (sas) Destination AS (das) Previous AS (pas) Next AS (nas)

Cisco AVC ART Metrics Server Network Time Sum (asnt) Server Network Time Min (asntmin) Server Network Time Max (asntmax) Client Network Time Sum (acnt) Client Network Time Min (acntmin) Client Network Time Max (acntmax) Server Response Time Sum (asrt) Server Response Time Min (asrtmin) Server Response Time Max (asrtmax) Responses Histogram 1 (ahist1) Responses Histogram 2 (ahist2) Responses Histogram 3 (ahist3) Responses Histogram 4 (ahist4) Responses Histogram 5 (ahist5) Responses Histogram 6 (ahist6) Responses Histogram 7 (ahist7) Responses Late (arlate)

COAP COAP Version (coapver) COAP Message ID (coapmid) COAP Code (coapcode) COAP Opt Count (coapopcount) COAP Type (coaptype) COAP Accept (coapaccept) COAP Content Format (coapcontentfmt) COAP Token (coaptoken) COAP URI Host (coapurihost) COAP URI Path (coapuripath) COAP URI Query (coapuriquery)

Date and time Start Time - first seen (ts) End Time - last seen (te) Duration (td) Flow receive time (tr)

DHCP DHCP Server IP (dhcpsip) DHCP Host name (dhcphname) DHCP Domain name (dhcpdname) DHCP Host MAC (dhcphmac) DHCP Lease time (dhcpltime) DHCP Message type (dhcptype) DHCP Offered IP (dhcpoip) DHCP Request IP (dhcpipreq)

DNS DNS Response Code (dnsrcode) DNS Response Data (dnsrdata) DNS Identifier (dnsid) DNS Question Count (dnsqcnt) DNS Answer Count (dnsancnt) DNS Authority Count (dnsaucnt) DNS Additional Count (dnsadcnt) DNS Response Type (dnsrtype) DNS Response Class (dnsrclass) DNS Response TTL (dnsrttl) DNS Question Type (dnsqtype) DNS Question Class (dnsqclass) DNS Flags (dnsflags) DNS OP Code (dnsopcode) DNS Query/Response (dnsqrflag) DNS Question Name (1st level domain) (dnsqname1) DNS Question Name (1st & 2nd level domain) (dnsqname2) DNS QuestionName (1st, 2nd & 3nd level domain) (dnsqname3) DNS Question Name (dnsqname) DNS Response Name (1st level domain) (dnsrname1) DNS Response Name (1st & 2nd level domain) (dnsrname2) DNS Response Name (1st, 2nd & 3nd level domain) (dnsrname3) DNS Response Name (dnsrname) DNS Response Data (1st & 2nd level domain) (dnsrdata2) DNS Response Data (1st, 2nd & 3nd level domain) (dnsrdata3)

Email E-MAIL Failed Authentication (mailfailauth) E-MAIL SMTP From (smtpfrom) E-MAIL SMTP Helo (smtphelo) E-MAIL STARTTLS (mailtls) E-MAIL Username (mailuser)

Flowmon NPM Round Trip Time (nrtt) Server Response Time (nsrt) Out of Order (nooo) Retransmission (nretr) Jitter Deviation (njdev) Jitter Average (njavg) Jitter Min (njmin) Jitter Max (njmax) Delay Deviation (nddev) Delay Average (ndavg) Delay Min (ndmin) Delay Max (ndmax)

Geolocation Source country (scc) Destination country (dcc)

HTTP URL (hurl) URL First (hurl1) Hostname (hhost) HTTP result code (hrcode) HTTP method (hmethod) Operating System (hos) OS Major Version (hosmaj) OS Minor Version (hosmin) OS Build Version (hosbld) Application Info (happ) Application Major Version (happmaj) Application Minor Version (happmin) Application Build Version (happbld)

IEC104 IEC104 Packet Length (iec104pktlen) IEC104 Frame Format (iec104fmt) IEC104 ASDU Type (iec104asdutype) IEC104 ASDU Object Count (iec104asduobjcount) IEC104 ASDU Cause of Transmission (iec104asducot) IEC104 ASDU Originator Address (iec104asduorg) IEC104 ASDU Common address (iec104asduaddr)

Interfaces Input Interface (rainf) Output Interface (raoutf) Direction (in, egress) (dir) Next-hop IP address (nh) BGP Next-hop IP address (nhb)

L3/L4 extended TCP Window size (tcpwinsize) TCP Syn size (tcpsynsize) TCP TTL (tcpttl)

MAC address Input Src MAC addr (ismc) Output Dst MAC addr (odmc) Input Dst MAC addr (idmc) Output Src MAC addr (osmc)

Masks Forwarding Status (fwd) Source mask (smk) Destination mask (dmk)

MPLS tags MPLS Label 1 (mpls1) MPLS label 2 (mpls2) MPLS Label 3 (mpls3) MPLS Label 4 (mpls4) MPLS label 5 (mpls5) MPLS Label 6 (mpls6) MPLS Label 7 (mpls7) MPLS label 8 (mpls8) MPLS Label 9 (mpls9)

MPLS VPN Route Distinguisher Route Distinguisher (rd)

MSSQL MSSQL Client version (tdscver) MSSQL Database context (tdsdb) MSSQL Hostname (tdshost) MSSQL Protocol version (tdsver) MSSQL Request type (tdsreq) MSSQL Server version (tdssver) MSSQL Username (tdsuser)

MSSQL experimental MSSQL Response type (tdsres) MSSQL 1st token of a response (tdstoken) MSSQL Transaction manager request type (tdstmr) MSSQL Error code (tdserr) MSSQL Environment change type (tdsenvch) MSSQL SQL query (tdssql) MSSQL Remote procedure name (tdsrpc) MSSQL Server name (tdsservname)

MySQL fields MySQL Protocol Version (mysqlver) MySQL Server Version (mysqlsver) MySQL User Authentication Status (mysqlauths) MySQL Username (mysqluser) MySQL Authentication Method (mysqlauthm) MySQL Database (mysqldb)

MySQL extended fields MySQL Server Capabilities (mysqlcpblts) MySQL Client Capabilities (mysqlcpbltc) MySQL Error Code (mysqlerr) MySQL Command (mysqlcmd) MySQL SQL Query (mysqlsql)

NBAR2 NBAR2 App Tag (apptag) NBAR2 App ID (appid) NBAR2 App EID (appeid)

NEL NAT Src IP address (nsa) NAT Dst IP address (nda) NAT Dst port (ndp) NAT Event (nevt) NAT Src port (nsp) VRF ID (vrf)

VMware NSX Rule ID (nsx-ruleid) VM UUID (nsx-vmuuid) vNIC Index (nsx-vnicindex)

NSEL/ASA NSEL ingress ACN (iacn) NSEL ingress ACE (iace) NSEL ingress XACE (ixace) NSEL egress ACN (eacn) NSEL egress ACE (eace) NSEL egress XACE (exace) NSEL Connection ID (nfc) NSEL Event (evt) NSEL Extended event (xevt) NSEL Event time in msec (msec) NSEL Ingress ACL (iacl) NSEL Egress ACL (eacl) NSEL XLATE Src IP address (xsa) NSEL XLATE Dst IP address (xda) NSEL XLATE Src port (xsp) NSEL SLATE Dst port (xdp) Xlate Source Address:Port (xsap) Xlate Destination address:Port (xdap) NSEL User name (uname)

PostgreSQL fields PostgreSQL Protocol Version (pgsqlver) PostgreSQL Server Version (pgsqlsver) PostgreSQL Authentication Method (pgsqlauthm) PostgreSQL Username (pgsqluser) PostgreSQL Database (pgsqldb)

PostgreSQL extended fields PostgreSQL SQLSTATE Error Code (pgsqlerrc) PostgreSQL Error Severity (pgsqlerrs) PostgreSQL SQL Query (pgsqlsql) PostgreSQL Client Mesage Type (pgsqlmsgc) PostgreSQL Server Message Type (pgsqlmsgs)

Router ID Engine type/ID (eng)

Samba SMB1 Command (smb1cmd) SMB2 Command (smb2cmd) SMB2 Tree path (smbtree) SMB2 File path (smbfile) SMB2 File type (smbfiletype) SMB2 Operation (smbop) SMB2 Delete (smbdel) SMB2 Error (smberr)

Source ID Source ID (sourceid)

TLS Certificate TLS Issuer common name (tlsicn) TLS Subject common name (tlsscn) TLS Subject organisation name (tlsson) TLS Certificate validity from (tlsvfrom) TLS Certificate validity to (tlsvto) TLS Signature algorithm (tlssalg) TLS Public key algorithm (tlspkalg) TLS Public key length (tlspklen)

TLS Client TLS Client version (tlscver) TLS Cipher suites (tlsciphs) TLS Client random ID (tlscrnd) TLS Client session ID (tlscsid) TLS Extension types (tlsext) TLS Extension lengths (tlsexl) TLS Elliptic curves (tlsec) TLS EC point formats (tlsecpf) TLS Client key length (tlscklen)

TLS JA3 TLS JA3 Fingerprint (tlsja3)

TLS Main TLS Content type (tlscont) TLS Server random ID (tlssrnd) TLS Handshake type (tlshshk) TLS Setup time (tlssetup) TLS Server version (tlssver) TLS Server session ID (tlsssid) TLS Server cipher suite (tlsciph) TLS L7 proto negotiation (tlsalpn) TLS Server name/SNI (tlssni) TLS TLS server name length (tlssnlen)

TOS TOS (default: source) (tos) Source TOS (stos) Destination TOS (dtos)

User identity Source user identity (suid) Destination user identity (duid)

VLAN Src VLAN label (svln) Dst VLAN label (dvln)

VoIP SIP Call ID (scid) SIP Calling party (scing) SIP Called party (scled) SIP VIA (svia) SIP Ringing time (srt) SIP OK time (sok) SIP Bye time (sbye) SIP Stats (ssts) SIP RTP IP (srip) SIP RTP Audio (saud) SIP RTP Video (svid) VoIP Pkt Type (spt) RTCP Packets (rpkt) RTCP Octets (roct) RTP Jitter (rjit) RTCP Lost (rlst) RTP Codec (rcod) RTCP Source count (rsc)

Format {# #}

Item 1
Item 2
Item 3

Logging

Debug level
Download log file

It is highly recommended to use Info level. If you meet some problems then select Debug level, reproduce the bug, download log file and send it via bug report form. Using Debug level may cause slower run of application.