Flowmon DDOS report mechanics
How are calculated values in the DDOS defender pdf reports
What is a correlation between All traffic chart and partial statistics graphs in the Flowmon DDoS Defender pdf report?
|Steps to Reproduce:
Flowmon DDOS defender use two different types of visualization.
1. Traffic graph - provides characteristics for overall long term traffic levels (bps, pps). Use rrd based database with 30s granularity. (Similar to a data in FMC)
2. Statistics visualization - provides time visualization for partial statistics. Use stream in memory processing during attack. Results are stored in Defender database.
Each of triggered method (All, TCP_SYN, etc.) use traffic graph type, shows info related to wider time frame around the attack. Bit/s are for all traffic which match Segment definition.
Data for graph chart are available from time of flows are collected.
In this section you can find partial statistics with related charts for all different characteristics. This part uses the Statistics visualization. Statistics part contains table of calculated values which is in TopN format. This calculation starts after attack triggering and computing of the attack signature. Because for correct calculation it requires several definitions from the beginning of the attack.
Statistics with port definition
Statistics are aggregated as average value.
Statistics data calculations contains internal performance optimization required for long time and complex DDoS attacks. It may cause lower level of values for very short attacks (less than 60 seconds). This behavior is expected, and it is given by difference of attack trigger and possible calculation start.
Goal of this is not show live value traffic but primary level of the attack to considering.
|Zendesk links or other external links that could help with this. Full URL.