Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
0
Helpful
1
Replies

Anomalies in Stealthwatch: IP 0.0.0.3 Generating Unrealistic Traffic

JesusAngel
Level 1
Level 1

‎06-23-2024 11:57 AM

Hello,

Stealthwatch 7.5.0 build 20240515.1517-6a87cd40f812-0.

I am encountering some really odd flows in Stealthwatch, such as this one. Just look at the bytes and bandwidth: 1.45TB (12.78Tbps). That is really fast! Not to mention that there are no packets (0 packets and 0 pps).

Obviously, this seems to be a bug or error in the tool. Has anyone experienced something similar? Any ideas on what might be causing these anomalous data and how to fix it?

Any advice or suggestions would be greatly appreciated.

quickview.png

 Thanks in advance.

Labels:
0 Helpful
1 Reply 1

DanielLarsson63527
Level 1
Level 1

‎07-30-2024 05:57 AM

Hi,

Out of curiosity...what is your configuration of your SNA deployment? (VMs, Physicals, FC, Datastores etc)

I've seen this before and then it was a bad exporter that made SNA classify the flows "wrong" based on the exporter. Going through exporter-configurations fixed it. Was a while ago so don't remember the specifics, but i think it was same flows traversing multiple flow-exporters to same flow-collectors but with different configurations.

HTH
-Daniel

0 Helpful
Customers Also Viewed These Support Documents