Grouping Traffic

NTA IP Groups (SETTINGS menu > Network Traffic Analysis > NTA IP Groups) help you organize observed traffic and visualize, analyze, and understand traffic trends.

You can group traffic to align better with site policies, partner or stakeholder focus, business units, and more.

Important: Use IP Groups to specify location ("world mapping") information for devices showing only private IP addresses. Until you associate an IP Group with private (in other words, "internal") IP addresses or address ranges, location for these device display as Unknown. Private IPs are generic and not governed by regional Internet registries (RIRs). They do not pick up or inherit location information from an Internet Services Provider.

Visualizing Traffic Location (World Map setting shown)

Visualizing Traffic Volume (Pie Chart shown)

Tracking IP Addresses, Domains, and Geography with NTA IP Groups

Examples where it is useful to divide, organize, and track traffic based on fields provided in NTA IP Groups can include:

Field

Example Use Cases

Domain Name
(Optional)

Cases where you would group by Domain Name include:

  • Checking utilization and traffic patterns of hosted services you manage that use multiple domains.
  • Providing partner domain and stakeholder level reporting.
  • Checking compliance (comparing useful traffic versus traffic without a clear business case).

Location (City, Subdivision, Country)
(Required)

Required fields. (When you add an IP group, location data is required. You can make the location more specific by adding more precise Lat/Long coordinates.)

  • Assigning country, region, or city.
  • Assigning location for device IP or IP ranges.
  • Applying location to your private (behind the firewall) IP addresses (such as those beginning with 10.x or 192.168.x).

Tip: If you don't know what location information to provide for a particular group, you can use a location service or the Traceroute utility on the IP address(es).

 

Note: By default, WhatsUp Gold associates public IP addresses with geographic (location) information reported in regional Internet registries (RIRs) (such as the enterprise or ISP authorized to use the IP Address). If you associate location information with a public IP address here, it will override the location information from RIR.

Top-Level Domain
(Optional)

  • Checking traffic between organizations, countries, or institutions.
  • Providing partner and stakeholder level reporting.

Latitude/Longitude

(Optional)

Note: Lat/long coordinates are automatically derived through a location lookup. The default lat/long for a city is typically the city's center.

IP Address (or range)

(Required)

 

Private IP addresses on your network:

  • Associate geolocation information.
  • Tag with business unit or building information.
  • Tag IPs granted to wireless clients.

One or more public IP addresses:

  • Track one or more interesting IP addresses
  • Track changes over time to the location information inherited from the ISP.
  • Track bandwidth activity.
  • Track DNS domain association(s).

Configure a Group

Tip: After you configure a group, you can use that group's name to filter reports to show only the traffic sent to or received by devices that belong to the group.

Configure an IP group:

  1. Open the NTA Applications Library (SETTINGS menu > Network Traffic Analysis > NTA IP Groups) and click 'add' ().

    The IP Group Settings dialog displays.

  2. Enter required fields.
    • Group ("group name"). Enter a name for the NTA IP group.
    • IP Range Start. (Required) Enter the first IP address for the NTA IP group range.
    • IP Range End. (Optional) Enter the last IP address for the NTA IP group range.
    • Domain. (Optional) Enter the domain that you want Network Traffic Analysis to report for the specified IP addresses. For example, yourcompany.com.
    • Top-Level Domain. (Optional) Select the domain that you want Network Traffic Analysis to report for the specified IP addresses. For example, .com or .uk.

    Tip: The way different countries specify a DNS name depends on how that country deployed their Domain Name System database. For example, commercial IP addresses in the United Kingdom typically end with .co.uk because they deployed a .co database underneath their country's top-level domain. Whereas, in Australia for commercial sites, they end with .com.au and in the United States they simply end with .com.

    • Country. (Required) Select the country that you want Network Traffic Analysis to report for the specified IP addresses. If you don't know the country, you can also use Traceroute or query an online service to get this information.
    • Subdivision. (Required) Select a region of the country (state, province, or territory, for example).
    • City. (Required) Select a city within the Subdivision (a town or village, for example). Default lat/long coordinates are associated with City.
    • Latitude. (Optional) Degrees latitude. This value is seeded by City.
    • Longitude. (Optional) Degrees longitude. This value is seeded by City.

    Note: WhatsUp Gold adds Latitude/Longitude values automatically with respect to City. (Normally, this means the Lat/Long of the city's center.)

  3. Click OK to save changes.
  4. View group data. WUG18.0.2-SP2-IMG-ADD_REPORTS_ICON

    —After a few minutes, check for the latest groups report. For example, check for IP grouped traffic data in one of the following reports:

  5. View grouped location data. WUG18.0.2-SP2-IMG-ADD_REPORTS_ICON

Tip: To change between line graph, pie chart, and world map, click report settings (WUG17.0N-SP2-REPORTS-SETTINGS-IMG) and select a graphical view. In charts, the designation "Others" includes any group that did not make the top N list.

Top Senders

Top Receiver Cities

Suspicious Connections

Top Receiver Failed Connections

Top Receivers

Top Sender Cities

Top Sender Conversation Partners

Top Cities

Top Endpoints

Top Receiver Countries

Top Receiver Conversation Partners

Top Conversations Between Cities

Top Conversations

Top Sender Countries

Top Sender Failed Connections

 

See Also

Network Traffic Analysis

Start Analyzing Your Network!

Before You Begin

NTA Features and Advantages

Choosing NTA Sources

Configuring and Enabling Collection on Sources

Creating Aggregate Sources

Aggregating Sources

Classifying Traffic by Port Number (NTA Applications)

Collector Database Maintenance

Reduce and Analyze Traffic with Advanced Filtering

Network Traffic Analysis Settings

IP Reputation Library

Listener Port, Collection, and Retention Settings