Determining Traffic Direction Across Netscope’s Bridge Manually

  1. Home
  2. Network Configuration
  3. Determining Traffic Direction Across Netscope’s Bridge Manually

Using ‘Capture Interface’ for the ‘Packet Direction Decision’ in the ‘Netscope’ side menu under the ‘Configuration’ tab will allow the actual flow of network traffic across Netscope’s failsafe-bypass network card to determine the direction as shown in Netscope’s graphs and tables as inbound and outbound. The inbound direction is shown with the word ‘inbound’ in the title of the tables and graphs within Netscope’s main network visualisation area.

Inbound Direction Picture

On this two-port network card which acts as a bridge we define the external port as the one which faces externally to the internet or external WAN. We define the internal port as the one which faces internally to your internal network/LAN.

The inbound direction would be the flow of network packets received on the external port and transmitted out the internal port. The outbound direction is the flow of packets in the opposite direction to this.

The following details how you’d determine the inbound and outbound direction before you decide which network cable goes into which port of this two-port network card. One can determine the inbound and outbound directions after plugging the cables in and viewing the network flow on the Netscope data graphs.  For example, one can see the internal/external IP addresses and source/destination ports and then swap the cables if the inbound and outbound direction is the wrong way. However determining which cable should go into which port before seeing the graphs will help in more sophisticated set-ups.

Above the two-port bypass network card on the hardware Netscope came in should be two coloured dots. The port with the green dot is the external port. The port with the yellow dot is the internal port.

In terms of internal interface names, the lower of the two numbers (i.e. ethX and ethY) would correspond to the internal port and the higher of the two numbers the external port.

The numerical order of the physical ports on the two-port bypass network card should correspond with the numerical order of the internal names for ports on this card (i.e ethX, ethY). With IBM/Lenovo rack servers such as the M5, one may get confused by the selection of the ports for the cables on the two-port bypass network card appearing not to be in order when comparing them with their internal names. One would expect them to increase in numerical order from left to right. The reason is these server’s two-port bypass cards are installed upside down.

 

 

 

Was this article helpful?

Related Articles