Guide
Start typing to search…
  1. Report types
  2. Network Observability Analytics (NOA) reports

Top Talkers

Top Talkers is a powerful network analytics tool that identifies the hosts generating the largest volume of network traffic within a defined time window. It provides a near real-time view of which entities are consuming the most bandwidth, receiving the most packets, or contributing disproportionately to overall network load.

More network observability and analytics tools coming in this project will enable you to investigate network issues easier than ever before.

Key Capabilities

Traffic Ranking

Ranks sources or destinations by volume (packet count), showing which hosts are most active.

Flexible Dimensions

Supports multiple breakdowns - source IP and port, destination IP and port and protocol.
Example: Use the Destination IP dimension to view top 10 destinations from the selected subnet receiving the most traffic from various sources.

Time-bound Analysis

Specifies a time range with a granularity of 5 minutes or several predefined periods (e.g. yesterday, last 7 days, etc.)

Real-Time Visibility

Provides live updates with a time interval of 5 minutes.
You can access Top Talkers from the Reports > Prolexic > Top Talkers page under the Control Center global menu. See How to use reports for more information.

Top Talkers offers three distinct dashboards:

  • Overview
  • Time Series
  • Drill Down

Filtering

Start with the Select filters tab, where you choose the data that you want to view.

Required filters

Date range - The time range for which the data will be displayed.
Security Configurations - The security configurations for each unique datacenter asset. One or more can be chosen.
Protected Prefixes - The network subnets protected by Prolexic for each Security Configuration. The data in Top Talkers is displayed for these selected subnets.
Dimensions- Choose one or more specific attributes used to classify, group, or break down network traffic so you can understand who is generating it, where it is going, and how it behaves:

  • Source IP - which hosts generate most traffic
  • Destination IP - which targets receive most traffic
  • Source IP + Destination IP - which traffic passes between specific hosts
  • Ports - which applications dominate the traffic (either received or sent)

Optional filter

Rows - Number of top talkers to display, up to 20.

You can also access the network data for each dashboard using these methods:

  • Download a CSV file from each dashboard
  • Display API calls to consume the data for a specific dashboard.

Dashboards

Overview

This is the most important section, providing the main view of Top Talkers. The overview displays Top 10 traffic consumers for a chosen time range, security configuration, and specific dimensions sorted by traffic volume (amount of network packets). The following components are always present:

  • Flow ID - The unique identifier of the flow representing the specific top talker.
  • Packets Count - Number of packets visible for the specific top talkers.

All the other columns depend on the selected dimension. Selecting a dimension generates the top 10 entries from the chosen perspective, visualizing which hosts are generating or receiving the traffic and which protocol and application it belongs to. You can combine dimensions to provide the desired level of detail, depending on the use case. For instance, if a Source IP dimension is used the table will return Top 10 Source IP addresses that connect to any of the destinations for selected network prefixes.Dimensions allow you to choose the perspective that you are interested in:

  • Source IP
  • Source Port
  • Destination IP
  • Destination Port
  • Protocol

Top Talkers Over Time

The Time Series dashboard represents the data from the Top Talkers Overview dashboard on a chart. It visualizes the data to help identify anomalies. Visualization is performed on the basis of the Flow ID dimension from the table.

The chart provides the option to disable/enable specific flows from the Overview table. This helps you to focus only on traffic flow that you are interested in. The data granularity for the graph is 5 minutes.

Drill Down

Drill Down dashboard enables a deep dive into a specific traffic flow. You can copy any ID, Source IP, or Destination IP from the first dashboard to add to the filter to display additional flow details (e.g. ports or protocols).

Use the drill-down dashboard to view a single flow (in this case, by source IP) and receive more details about it, such as which destination it connects to and what ports / protocols are used for that flow. By default, the Drill-Down table displays the first entry from the Overview dashboard.

For example, if you use the Source IP dimension, the dashboard displays the source IP addresses generating the most traffic for any destination in the selected network prefixes protected by Prolexic.

Samples

Top Talkers relies on sampled flow data (sFlow). The number of flow samples used for the traffic analysis is displayed at the bottom.

Updated about 4 hours ago