Reduce and Analyze Traffic with Advanced Filtering

Advanced filters enable you to isolate traffic by protocol, domain, application, and so on. For example, the following visual demonstrates how to isolate BOOTP request traffic (in other words, client devices requesting an IP address from a BOOTP Server on their network segment).

Tip: Click the arrows button () to exclude/include the specified filter pattern.

Tip: For filtering on an IP address, you can use CIDR notation to identify a subnet of hosts from which the reports display data. For example, when you select a Sender filter type, you can specify a subnet using 192.168.11.0/24 to display information from all of the hosts in the subnet.

• Sender. Show traffic sent by the specified device. You can match a device using its host name or its IP address.
• Receiver. Show traffic received by the specified device. You can match a device using its host name or its IP address.
• Protocol. Show traffic that used the specified protocol (for example, UDP, TCP, or ICMP).
• Service. Show traffic that used the specified type of service.
• Application. Show traffic that used the specified application. The keyword must match the application name as configured in the NTA Applications Library.

Tip: You can enter a port number instead of an application name to show all traffic transmitting over a certain port.

• Sender Domain. Show traffic sent by hosts on the specified domain.
• Receiver Domain. Show traffic received by hosts on the specified domain.
• Sender Location. Show traffic sent by devices whose IP addresses are registered to a country, state, subdivision, or city.
• Receiver Location. Show traffic received by devices whose IP addresses are registered to a country, state, subdivision, or city.
• Sender Group. Show traffic sent by the specified group.
• Receiver Group. Show traffic received by the specified group.
• Sender TLD. Show traffic sent by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
• Receiver TLD. Show traffic received by domains that have the specified top level domain (such as .com, .net, .us, or .uk).
• ICMP Type. Show traffic by ICMP type.
• Packet Size. Show traffic by packet size.
• Sender ASN. Show traffic by sender Autonomous System Number (ASN).
• Receiver ASN. Show traffic by receiver Autonomous System Number (ASN).
• NBAR Application. Show traffic by NBAR classified application.
• Port. Show traffic by port number.

See Also Network Traffic Analysis NTA System Overview NTA System Requirements NTA Quick Start Choosing NTA Sources Configuring and Enabling Collection on Sources Aggregating Sources Grouping Traffic Classifying Traffic by Port Number Adding Custom Labels for Type of Service (ToS) IDs Listener Port, Collection, and Retention Settings Collector Database Maintenance