I need a little guidance with interpreting Flow Monitor.
My internal interface is eth0 and external is eth1.
If I open the Flow Monitor for both interfaces at the same time and compare them side by side, I can see corresponding bandwidth spikes in both, however, eth0 will list it by application name while eth1 just lists it as "unclassified". Why would a connection be classified on one interface and not the other?
Also, can someone please explain to me the difference between internal and external flows? Does internal indicate all traffic to and from any internal address while external only shows traffic to and from the external interface?
I'm confused as to why the external interface shows some of the same connections as the internal but not all of them. For example, applications like Lync and Windows Update are showing up on external but missing completely on the internal.
This thread was automatically locked due to age.