Is possible to filter by inbound traffic? #1180
Unanswered
niltonvasques
asked this question in
Q&A
Replies: 1 comment
-
You can use |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I tried to explore the filter capabilities but I didn't found a filter to differentiate inbound from outbound traffic.
For example, I want to see all INBOUND traffic reaching HOST A, but not consider traffic coming to HOST A as a result of a outbound request. Eg:
Host A has port SrcPort 80 open and has a client talking with DstPort 37777, I want to be able to see traffic leaving and arriving at this port or any other possible open port.
Host A is accessing a site at DstPort 443 and the SrcPort is 43221, I don't want to see this traffic or any other Outbound initiated traffic.
My understand is that is not possible to achieve it with a netflow analyzer tool, but who knows.
Currently my only way to analyze is by specifing the SrcPort and SrcNetSite, but this approach doesnt cover the scenario that maybe some other port is open and I don't know.
Beta Was this translation helpful? Give feedback.
All reactions