I'm trying to find and filter out large talkers through the packet decoder that could help in reducing our license usage.
What's the best way to find these large talkers on the decoder?
Thanks.
I'm trying to find and filter out large talkers through the packet decoder that could help in reducing our license usage.
What's the best way to find these large talkers on the decoder?
Thanks.
Jeremy
You could do something like a top 10 source addresses sorted by size
Aggregate by ‘packet size’
Select ip.src
Where ip.sec exists (You could put a network zone label in here too)
Descending order
And choose 10 (or what ever count you want)
Dave
That seems simple enough, I'll give it a try, thanks Dave.
Hi Dave,
When you say 'aggregate by 'packet size'', is that the 'Summarize' field in the rule builder? If so, would 'packet count' be the correct one to select?
I don't see aggregate or packet size in the rule builder. Running 11.3.1.1
Thanks.
Jeremy
Summarize by ‘session size’
That’s what you want.
Dave
Thanks Dave, what you suggested was exactly what I was looking for.
Jeremy
You could do something like a top 10 source addresses sorted by size
Aggregate by ‘packet size’
Select ip.src
Where ip.sec exists (You could put a network zone label in here too)
Descending order
And choose 10 (or what ever count you want)
Dave