Flow Monitoring is a traffic analysis tool that provides a detailed view of the traffic to and from protected virtual machines. When flow monitoring is enabled, its output defines which machines are exchanging data and over which application. This data includes the number of sessions and packets transmitted per session. Session details include sources, destinations, applications, and ports being used. Session details can be used to create firewall allow or block rules.
You can view TCP and UDP connections to and from a selected vNIC. You can also exclude flows by specifying filters.
Flow Monitoring can thus be used as a forensic tool to detect rogue services and examine outbound sessions.
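The following added example (not VMware code and not an NSX export format) shows the kind of analysis described above: it aggregates session details, flags services missing from an approved baseline, and lists outbound sessions. The record layout, the APPROVED baseline, the INTERNAL range, and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not an NSX export format); fields mirror the
# session details listed above: source, destination, application, port, counts.
FLOWS = [
    {"src": "10.0.1.10", "dst": "10.0.2.20", "app": "HTTPS", "proto": "TCP", "port": 443, "sessions": 120, "packets": 9400},
    {"src": "10.0.1.11", "dst": "10.0.2.20", "app": "HTTPS", "proto": "TCP", "port": 443, "sessions": 80, "packets": 6100},
    {"src": "10.0.1.10", "dst": "10.0.2.21", "app": "UNKNOWN", "proto": "TCP", "port": 4444, "sessions": 3, "packets": 57},
    {"src": "10.0.2.21", "dst": "203.0.113.50", "app": "UNKNOWN", "proto": "TCP", "port": 8443, "sessions": 14, "packets": 2210},
    {"src": "10.0.2.20", "dst": "10.0.3.30", "app": "MYSQL", "proto": "TCP", "port": 3306, "sessions": 45, "packets": 3900},
]

# Hypothetical baseline of approved services: (destination, protocol, port).
APPROVED = {("10.0.2.20", "TCP", 443), ("10.0.3.30", "TCP", 3306)}
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def summarize(flows):
    """Aggregate sessions, packets and distinct sources per (dst, proto, port)."""
    agg = defaultdict(lambda: {"sessions": 0, "packets": 0, "sources": set()})
    for f in flows:
        s = agg[(f["dst"], f["proto"], f["port"])]
        s["sessions"] += f["sessions"]
        s["packets"] += f["packets"]
        s["sources"].add(f["src"])
    return dict(agg)

def rogue_services(flows, approved):
    """Internal destinations receiving traffic on a service not in the baseline."""
    return sorted(k for k in summarize(flows) if is_internal(k[0]) and k not in approved)

def outbound_sessions(flows):
    """Flows from an internal source to a destination outside INTERNAL."""
    return [f for f in flows if is_internal(f["src"]) and not is_internal(f["dst"])]

def block_rule(service):
    """Render a finding as a generic rule description (not NSX rule syntax)."""
    dst, proto, port = service
    return {"action": "block", "destination": dst, "protocol": proto, "port": port}

if __name__ == "__main__":
    for svc in rogue_services(FLOWS, APPROVED):
        print("unapproved service:", block_rule(svc))
    for f in outbound_sessions(FLOWS):
        print("outbound:", f["src"], "->", f["dst"], f["port"], f["sessions"], "sessions")
```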
Configure Flow Monitoring
Flow collection must be enabled for you to view traffic information. You can filter the data being displayed by specifying exclusion criteria. For example, you may want to exclude a proxy server to avoid seeing duplicate flows. Or if you are running a Nessus scan on the virtual machines in your inventory, you may not want to exclude the scan flows from being collected.
Procedure
1. Log in to the vSphere Web Client.
2. Select Networking & Security from the left navigation pane and then select Flow Monitoring.
3. Select the Configuration tab.