The AS Path page shows traffic from this site to the outside Internet.
Topics:
- How do I select data to show on the map?
- How do I expand AS paths?
- What controls are available on the map?
- How do I create a filter to select specific flows?
How do I select data to show on the map?
The following filter settings select traffic data to display on the map:
- Time: Select a time period to display.
- AS Path: This button allows you to select traffic with a specified AS path. Any AS number or AS path that has been clicked on or entered on the Sentinel:Search>ASN page during this session will be offered in the list. If you want to filter on an AS path that is not in the list, navigate to the Sentinel:Search>ASN page, enter the path, and then come back to this page afterwards.
How do I expand AS paths?
Initially, only the peer Autonomous Systems (ASes) are shown. An AS node with a bold outline can be expanded with a single click. Relative traffic volume is indicated by the thickness of the lines. Double-clicking on an AS or on a link between two ASes drills down to the Sentinel:Search>ASN page.
What controls are available on the map?
The following operations are supported on the map:
- To zoom in, use the mouse wheel or the slider control on the bottom left of the screen.
- To zoom out again, use the mouse wheel or the slider control on the bottom left of the screen.
- To pan, click on the map background, hold down the left mouse button and drag. Alternatively, use the arrow controls on the bottom left of the screen, or drag the view port in the overview on the top left of the screen.
How do I create a filter to select specific flows?
The Where box is used to filter traffic queries so that only selected traffic is shown. A filter expression can be entered directly into the input box. Clicking on the OK button applies the filter. Clicking on the Clear button will remove the filter.
An easier way to construct filters is to click on the Edit button to display additional inputs used to construct the filter expression. The first input consists of a selection box containing attributes that can be compared, a selection box containing comparison operators and an input area to specify the values to be compared to the selected attribute. Clicking the Add button appends the comparison to the current filter. There are also boolean operator buttons (& and |) and bracket buttons that can be used to combine comparison expressions to form more complex filters. The filter builder only enables buttons and inputs when they are allowed in the filter expression that is being constructed. Once the desired filter has been constructed, click on the OK button to apply it.
Note: If you just want to filter on a Host or Protocol then it is easier to set the Host and Protocol filters, rather than constructing a Where filter.
A basic filter expression consists of the name of an attribute, an operator and a set of comma separated values. The allowed operators are:
- = equals
- != not equals
- ~ matches a regular expression
- !~ does not match a regular expression
Expressions can be combined using brackets and the boolean operators:
- & boolean AND
- | boolean OR
The following examples illustrate typical where filters:
- ipsource = 10.1.1.23
- ipdestination != 10.0.0.0/24,10.0.1.0/24
- serverport = TCP:80,TCP:81,TCP:8080-8088
- sourcezone ~ research.*
- ipsource = 10.0.0.1 & ipdestination = 10.0.0.2
- ipsource = 10.0.0.1 & (sourceport = TCP:80 | destinationport = TCP:80)
- sourcezone = EXTERNAL | destinationzone = EXTERNAL
Note: The special zone EXTERNAL refers to addresses that aren't contained in any of the CIDRs specified using File > Configure.
WARNING: Care should be taken if a value in a filter expression contains any of the following special characters: (, ), &, |, !, =, ~, ", ', \, comma or space. If the value contains any of these characters, then either the whole value string can be enclosed in single or double quotes, or the special characters can be individually escaped with a \. The following examples show different ways of using the value "Research & Development" in filters:
- serverzone = "Research & Development", Sales
- clientzone = 'Research & Development'
- sourcezone = Research\ \&\ Development
- serverpath = ">>Research & Development>Data Center"
Note: Special characters typically occur because they are used in Zone or Group names when configuring Traffic Sentinel (see File>Configure). Care should be taken when filtering on zone, group or path attributes.
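The quoting rules above matter most when a Where filter is assembled from zone or group names rather than typed by hand. The following Python sketch is an added example, not Traffic Sentinel code: it escapes each value with backslashes as described in the warning, and its helper names (`escape_value`, `comparison`, `split_values`) are hypothetical. `split_values` applies an assumed reading of the quoting rules to check that a value list splits the way it was intended.

```python
# Added example: applies the quoting rules stated on this page; not product code.
SPECIAL = set("()&|!=~\"'\\, ")          # characters the page lists as special
OPERATORS = {"=", "!=", "~", "!~"}       # comparison operators the page lists

def escape_value(value):
    """Backslash-escape every special character in a single filter value."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)

def comparison(attribute, operator, values):
    """Build 'attribute op v1,v2,...' with each value escaped individually."""
    if not attribute.isalnum():
        raise ValueError(f"unexpected attribute name: {attribute!r}")
    if operator not in OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    if not values:
        raise ValueError("at least one value is required")
    return f"{attribute} {operator} " + ",".join(escape_value(v) for v in values)

def split_values(text):
    """Hypothetical checker: split a value list on commas that are neither
    quoted nor escaped, removing the quotes and backslashes (assumed reading)."""
    values, current, quote, i = [], [], None, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            i += 1
            current.append(text[i])      # escaped character is taken literally
        elif quote:
            if ch == quote:
                quote = None             # closing quote
            else:
                current.append(ch)
        elif ch in "\"'":
            quote = ch                   # opening quote
        elif ch == ",":
            values.append("".join(current))
            current = []
        elif ch != " ":                  # unquoted spaces only separate tokens
            current.append(ch)
        i += 1
    values.append("".join(current))
    return values

if __name__ == "__main__":
    zone = "Research & Development"      # constructed zone name from the page
    print(comparison("sourcezone", "=", [zone]))
    print(split_values('"Research & Development", Sales'))
```

Escaping every value before it is joined into the expression keeps a name containing & or | from being read as a boolean operator.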