Session Report Group

Flow Forensics Reports › Flow Forensics Report Types › Session Report Group

Session Report Group

The Session Flow Forensics reports have the following fields.

Report	Router Addr	Interface In	IP Protocol	Src Addr	Src Addr (IPv6)	Src Port	Interface Out	Dest Addr	Dest Addr (IPv6)	Dest Port	ToS	Bytes	Rate (Bits)	% Total (Bytes)	Flows	Flow Duration	Pkts	Rate (Pkts)	% Total (Pkts)	Engine	Application
Client-Server Sessions			Y					Y		Y		Y	Y	Y	Y		Y	Y	Y
Conversation Sessions	Y	Y	Y	Y				Y		Y	Y	Y	Y	Y	Y	Y			Y
Conversation Sessions (NBAR2)	Y	Y	Y	Y		Y		Y		Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y	Y
Conversations			Y	Y		Y		Y		Y		Y	Y	Y	Y		Y	Y	Y
Conversations (IPv6)			Y		Y	Y			Y	Y		Y	Y	Y	Y		Y	Y	Y
Conversations (with Interfaces)	Y	Y	Y	Y		Y	Y	Y		Y		Y	Y	Y	Y		Y	Y	Y
Destination Applications			Y							Y		Y	Y	Y	Y		Y	Y	Y
Destination Endpoints			Y					Y		Y		Y	Y	Y			Y	Y	Y
Protocols			Y									Y	Y	Y	Y		Y	Y	Y
Server-Client Sessions			Y	Y		Y		Y				Y	Y	Y	Y		Y	Y	Y
Source Applications			Y			Y						Y	Y	Y	Y		Y	Y	Y
Source Endpoints			Y	Y		Y						Y	Y	Y	Y		Y	Y	Y

Client-Server Sessions

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of each session that had a unique combination of the following values:

Source and destination address.
Destination port.
IP protocol.

Conversation Sessions Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count and cumulative flow duration of each conversation session that had a unique combination of the following values:

Router address
Inbound interface
Source address and port
Destination address and port
ToS
IP protocol

Conversation Sessions (NBAR2) Report

Displays conversation session traffic and identifies any NBAR2 (Next Generation Network-Based Application Recognition) data that is included. The report table includes a row for each unique combination of the following values:

IP address of the router that sent the data
Name of the interface that received the data
IP protocol for the data
IP addresses and ports of the source host and destination host in the conversation
Type of service
Volume, rate and percentage of total traffic that the data represents, shown bytes (or megabytes, kilobytes) and packets
Flow count
Total duration of the flows in the row
NBAR2 Engine name and ID
Standard NBAR2 data has "layer7 (13)" in the Engine column.
NBAR2 Application name and ID

If a router is not configured to return NBAR2 data, a zero (0) appears in its rows under the Engine and Application columns. If other columns contain a zero for the router rows, the router may not be configured to return the fields for those values.

The Application column values show the NBAR2 application name followed by the application ID. The application name is included if it is defined by the standard (not custom) NBAR2 engine. Otherwise the Application value may consist of only the application ID.

Conversations Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of traffic for each IPv4 address pair that had a unique combination of the following values:

Source address and port
Destination address and port
IP protocol

Conversations (IPv6) Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of traffic for each IPv6 address pair that had a unique combination of the following values:

Source address and port
Destination address and port
IP protocol

Conversations (with Interfaces)

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of each conversation that had a unique combination of the following values:

Router address
Inbound and outbound interface
Source address and port
Destination address and port
IP protocol

Destination Applications Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of traffic that had a unique combination of the following values:

Destination port
IP protocol

Destination Endpoints Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of traffic that had a unique combination of the following values:

Destination address
Destination port
IP protocol

Protocols Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of traffic that had a unique IP protocol.

Server-Client Sessions Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of each traffic session that had a unique combination of the following values:

Source address and port
Destination address and port
IP protocol

Source Applications Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of each traffic session that had a unique combination of the following values:

Source port
IP protocol

Source Endpoints Report

Displays the volume, rate, and percent of total inbound bytes and packets. Also displays the flow count of each traffic session that had a unique combination of the following values:

Source address
Source port
IP protocol