After checking the ASA for all traffic, it only lists 3 IP protocols, all of which we have defined in our netflow sensor, but "other" still shows up on the toplist as a large portion. How do we get this to show up in a more granular, defined fashion?


Article Comments

Hello,

As for the 'Other' in TopProtocols, you could check in the Netflow Sensor's settings whether the 'Detailed' option on the protocols is already enabled. If not, please try whether this brings more details. If the details are already enabled, you would have to enable the LogStreaming to write the sensor's findings into a log, which you could then analyze and use for a Custom Netflow Sensor with your own channel definitions.

Best Regards.


Dec, 2010 - Permalink

We have done that; however, what is weird is that the "other" does not have a position in the toplist.

In the toplist table, the position is "Other" (instead of 1, 2, 3, etc.) and the Source IP, Source Port, Destination IP, Destination Port, and Protocol are all blank. The only other column that is populated is Bytes.


Dec, 2010 - Permalink

'Other' in Toplists means everything which normally is beyond the limit of entries in a toplist. It is a bit more tricky with TopProtocols as this one relies on the protocols supplied by the sensor, so this toplist can only use the Protocols identified by the sensor. Those protocols not identified by the sensor will be categorized as 'Other'.


Dec, 2010 - Permalink

Would this also be related to "Top Connections" as well? I am having a similar issue with trying to identify traffic that falls into the "Other" category when looking at top connections. Thanks.


Dec, 2010 - Permalink

Again, 'Other' in the TopConnections means the summary of all entries beyond the limit (default: 100) of entries in the TopConnections-List. 'Other' in TopProtocols however most likely means a protocol which doesn't match with the protocols detectable by the Sensor itself.


Dec, 2010 - Permalink
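
The two meanings of 'Other' described in the replies above, modeled as an added example that is not part of the original thread and is not PRTG code. The flow records, their tuple layout and the channel definitions are constructed assumptions; `unmatched_breakdown` shows how logged flows could be grouped to decide which custom channel definitions are still missing.

```python
from collections import Counter

# Constructed records (src, sport, dst, dport, ip_proto, bytes); layout is assumed.
FLOWS = [
    ("10.0.0.5", 51514, "192.0.2.10", 443, 6, 9000),
    ("10.0.0.5", 51515, "192.0.2.10", 443, 6, 4000),
    ("10.0.0.7", 40000, "192.0.2.53", 53, 17, 300),
    ("10.0.0.8", 50022, "198.51.100.4", 8443, 6, 7000),
    ("10.0.0.9", 0, "198.51.100.9", 0, 50, 2500),  # ESP carries no ports
]

# Hypothetical channel definitions: name -> predicate on (ip_proto, dst_port).
CHANNELS = {
    "HTTPS": lambda proto, port: proto == 6 and port == 443,
    "DNS": lambda proto, port: proto == 17 and port == 53,
}

def classify(proto, port):
    """Return the first matching channel name, or 'Other' if none matches."""
    for name, match in CHANNELS.items():
        if match(proto, port):
            return name
    return "Other"

def top_protocols(flows):
    """Bytes per channel; traffic that no definition matches lands in 'Other'."""
    totals = Counter()
    for _, _, _, dport, proto, nbytes in flows:
        totals[classify(proto, dport)] += nbytes
    return dict(totals)

def top_connections(flows, limit):
    """Top `limit` connections by bytes; the remainder becomes one 'Other' row."""
    totals = Counter()
    for *conn, nbytes in flows:
        totals[tuple(conn)] += nbytes
    ranked = totals.most_common()
    rows = [(str(i + 1), conn, b) for i, (conn, b) in enumerate(ranked[:limit])]
    rest = sum(b for _, b in ranked[limit:])
    if rest:
        rows.append(("Other", None, rest))  # no tuple fields, only a byte total
    return rows

def unmatched_breakdown(flows):
    """What sits inside TopProtocols 'Other', grouped by (ip_proto, dst_port)."""
    totals = Counter()
    for _, _, _, dport, proto, nbytes in flows:
        if classify(proto, dport) == "Other":
            totals[(proto, dport)] += nbytes
    return totals.most_common()
```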