Flow Table Reports
Flow table reports contain information about the traffic flows passing through Threat Defender. Using Threat Defender, you can generate plain flow table reports and anonymized flow table reports that do not contain IP addresses (see Flow Table Reporting).
The following table lists the contents of flow table reports in the order in which they are reported.
| Column Header | Description |
|---|---|
| | ID of the processing thread. It starts at |
| | VLAN tag assigned to the flow. If the flow has no VLAN tag, this entry is |
| | Source IP address of the flow. In anonymized reports, these entries are hashed. |
| | Source port of the flow. |
| | Destination IP address of the flow. In anonymized reports, these entries are hashed. |
| | Destination port of the flow. |
| | Layer 4 protocol ID as stated in the IP header. |
| | TTL values used by the client. |
| | TTL values used by the server. |
| | Source asset of the flow. |
| | Destination asset of the flow. |
| | Tags assigned to the source asset of the flow. |
| | Tags assigned to the destination asset of the flow. |
| | ID of the user who initiated the flow. |
| | Flow ID |
| | DPI protocol used by the flow. |
| | DPI application used by the flow. |
| | Number of packets sent from the flow source to the flow destination. |
| | Number of packets sent from the flow destination to the flow source. |
| | Number of bytes sent from the flow source to the flow destination. |
| | Number of bytes sent from the flow destination to the flow source. |
| | Timestamp of the start of the flow in microsecond resolution. |
| | Timestamp of the last packet belonging to the flow in microsecond resolution. |
| | Timestamp when the flow was last checked for timeout eviction. |
| | Timestamp of the last flow table update in microsecond resolution. |
| | Amount of time left in microseconds before this entry is evicted. |
| | Total amount of time in microseconds that this entry is allowed to persist. |
| | Queue number where this entry is stored. |