Cisco Stealthwatch identification of traffic direction

NetworkingGeek1
Level 1

Hello community,

I have a question about how to identify traffic direction in the Cisco Stealthwatch web interface. If I open "Analyze" -> "Flow search" -> "Flow", there are "Subject Bytes", "Total Bytes" & "Peer Bytes". So, total bytes is pretty straightforward; it's for both inbound and outbound traffic direction. But what about "Subject Bytes", for example? Does it mean how much traffic was sent by this particular host (subject) or how much traffic was received? The same question applies to "Peer Bytes". I didn't find clear information in Cisco documentation about it.

Thank you in advance.

Accepted Solutions

marce1000
VIP

 

 - In the Cisco Stealthwatch web interface, the "Subject Bytes" column represents the number of bytes sent by the host specified as the "subject" in the flow search. The "Peer Bytes" column represents the number of bytes sent by the host specified as the "peer" in the flow search. So Subject bytes is outbound and Peer bytes is inbound.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
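
The reading given in the answer above, worked through as an added example (not part of the original thread and not Cisco code): since one host can appear as subject in some flows and as peer in others, its sent and received totals have to take the columns with their roles swapped. The record field names and sample values are constructed for illustration, and the check that Total Bytes equals the sum of the other two columns is an assumption taken from the question.

```python
from collections import defaultdict

# Constructed sample flow records. Field names are hypothetical stand-ins for
# the "Subject Bytes" / "Peer Bytes" / "Total Bytes" columns, not an export schema.
FLOWS = [
    {"subject": "10.0.0.5", "peer": "203.0.113.9",
     "subject_bytes": 1200, "peer_bytes": 48000, "total_bytes": 49200},
    {"subject": "10.0.0.7", "peer": "10.0.0.5",
     "subject_bytes": 300, "peer_bytes": 9000, "total_bytes": 9300},
    {"subject": "10.0.0.5", "peer": "198.51.100.4",
     "subject_bytes": 750000, "peer_bytes": 2100, "total_bytes": 752100},
]


def per_host_direction(flows):
    """Return {host: {"sent": n, "received": n}} summed over all flows.

    Assumes the reading in the answer above: Subject Bytes were sent by the
    subject and Peer Bytes were sent by the peer, so a host's "received"
    count is whatever the other side of the flow sent.
    """
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for f in flows:
        # Assumption from the question: Total Bytes covers both directions.
        if f["total_bytes"] != f["subject_bytes"] + f["peer_bytes"]:
            raise ValueError(f"inconsistent byte counts in flow: {f}")
        # Host listed as subject: the columns apply as labelled.
        totals[f["subject"]]["sent"] += f["subject_bytes"]
        totals[f["subject"]]["received"] += f["peer_bytes"]
        # Same flow seen from the peer: the two columns swap roles.
        totals[f["peer"]]["sent"] += f["peer_bytes"]
        totals[f["peer"]]["received"] += f["subject_bytes"]
    return dict(totals)


if __name__ == "__main__":
    for host, t in sorted(per_host_direction(FLOWS).items()):
        print(f"{host:15} sent={t['sent']:>8} received={t['received']:>8}")
```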


4 Replies

@marce1000  Thank you for the reply. I also think like this. I just wanted to find any official document from Cisco or at least any other article to make sure.

Hello,

I did quite an extensive search; it is hard to find anything at all that explains what 'Subject Bytes' actually are. I did find a document (see the attached screenshot and the link; click to the second slide). It looks like 'Subject' is the same as 'Host' and 'Peer' is the remote target. Which makes sense when one thinks about it logically, I guess...

https://cisco.bravais.com/s/sGlVq9gK1COlRf8g7lgv

Hello @Georg Pauwen, thank you. I wanted to find out what 'Subject Bytes' means for the Subject in terms of whether it's inbound or outbound traffic.