Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Flowmon General
  4. Flowmon OS

How to identify session originator in flow data

Updated

 

Information

 

Summary:

Identifying session originator in Monitoring Center - Analysis. 
Environment:

Product: Flowmon OS

Version: 12.x and lower

Platform: HW, Virtual
Question/Problem Description:

Each communication session is divided into two single flows. I want to identify which IP started the communication.
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution: There are multiple options for how to achieve that:
  • Flow start time. A lower start time means that the source IP started the communication.
  • TCP flags - flags such as SYN or RST can guide you who started the session.
  • Port numbers - a port number higher than 1024 is usually a client which started the session.
  • Based on network knowledge you can use also other flow information such as VLANs, input/output interface, and direction (ingress/egress). 
Workaround:  
Notes: The direction field is available only in flow data created by routers/switches.

Comments

In this document