Overview
This article explains the flows exported from the database. These flows can be from the CSV report or from the ODBC connector. There are some entries found in reports where both internal and external ports are shown as 0.
Find a sample report snippet below:
Figure 1.0
Information
The database(s) would struggle to handle the load if every actual flow is recorded. Flows are either identified by app_id or ports but not both:
-
When an app_id is detected, the ports are set to 0.
-
Check the reservedcolumn in figure 1.0 above.
-
When app_id is not detected that's when you see ports listed.
-
Check 0 in the reserved column in figure 1.0 above.
This allows flows between the same IPs for the same app to be aggregated. So it is working as designed.