Why is my server being flagged for P2P activity?

Scrutinizer is an enterprise/business class NetFlow and sFlow analysis tool. Scrutinizer provides historical trends of the company's critical network interfaces as well as the details on:

Who: The end system causing the traffic
What: The application/protocol that is being used
When: The time frame it has been occurring for
Where: The network connection that is affected

Moderators: scottr, Moderator Team

Post Reply
User avatar
Site Admin
Posts: 73
Joined: Wed Dec 10, 2008 5:08 pm

Why is my server being flagged for P2P activity?

Post by nathanh » Thu Dec 11, 2008 2:58 pm

The Flow Analytics P2P algorithm is designed to look for specific traffic patterns that match the behaviors of a P2P client.

Sometimes Exchange servers and file servers can trigger this flag.

If you have studied the flows that are associated with that flag, and you are sure it's a false/positive,
you should consider excluding that server so you don't continue to get alerts on that device.

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 1 guest