Documentation forNetFlow Traffic Analyzer
Analyzing network traffic and bandwidth is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Advanced edition. NetFlow Traffic Analyzer (NTA) is also available in a standalone module.

Locate and block unwanted use with NTA

Consider the following scenario:

Your uplink to the Internet has been slowing progressively over the last six months, even though your number of employees, application use, and dedicated bandwidth have all been stable.

With NTA, you can easily chart the increasing usage of your different network uplinks. NPM already allows you to chart utilization, but with the addition of NTA, you can locate specific instances of unwanted use and immediately take corrective action.

  1. Click My Dashboards > Home > Summary. Check that the link to the Internet is up at your site.
  2. Under Nodes with Problems, click the specific uplink.
  3. Under Current Percent Utilization of Each Interface, you see that the current utilization of your web-facing interface is 80%.
  4. Click the web-facing interface to open the Interface Details view.
  5. Customize the Percent Utilization chart to show the last six months. You see that there has been steady growth from 15% to 80% consumption over time. There are even spikes into the high nineties.
  6. Click My Dashboards > NetFlow > NTA Summary.
  7. Under NetFlow Sources, click the web-facing interface to open the NetFlow Interface Details view.
  8. Under Top 5 Endpoints, you see that a group of computers in the 10.10.12.0-10.10.12.255 IP range is consuming most of the bandwidth. These computers reside in your internal sales IP range.
  9. Drill down into each of the offending IP addresses. You find out that each IP you investigate shows Kazaa (port 1214) and World of Warcraft (port 3724) usage.
  10. Use a configuration management tool, such as SolarWinds Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic on these two ports.
  11. Within minutes, you see the traffic on the web-facing interface drop back to 25%.