Getting connection details from Network Intelligence Center

Rondo

7/15/23, 1:53 AM

I've noticed some unexpected network activity in the Network Intelligence Center (NIC) but cannot find the details such as source ip address. Do I have to query network flow logs for this? It seems like there ought to be a drill down in NIC for this.

More details, by-request.... In the Network Topology tool I found an vm/node in our Google Cloud GCE project that was being accessed from another country with significant number for the rate of bytes transferred (out). That connection is outside the norm, hence I found it suspicious. And, I want to know more about the connection: for example, and IP address

0 + 0

google-compute-engine

Abhijith Chitrapu

7/15/23, 10:20 AM

Could you please elaborate your issue as the information provided is not sufficient. In the meantime please have a look into this troubleshooting [document](https://cloud.google.com/network-intelligence-center/docs).

Rondo

7/17/23, 4:34 AM

I've read all of the docs for NIC and there is no mention of how to drill down to specifics in the Network Topology Tool

Abhijith Chitrapu

7/19/23, 4:28 AM

Go to the Network Topology and click on them. You will get further details. As resources are shared you are experiencing activity from different regions.. Please check the [screenshot](https://i.stack.imgur.com/wxGyD.png).

Rondo

7/20/23, 7:37 PM

By 'specifics' I mean finding actionable information such as source ip addresses (edit: fixed misspell)

Rondo

7/20/23, 7:45 PM

Should I edit the question some way to make it more clear? The title says 'connection specifics'. What the NIC interface shows are generalities about connections: averages for data flow (no timing), general regions (Netherlands). These does some but little to help investigate possible security incidents.

Abhijith Chitrapu

7/22/23, 8:33 AM

There is no granularity below "Country" for Internet entities; see the table in this [section](https://cloud.google.com/network-intelligence-center/docs/network-topology/concepts/overview?hl=en#entities). Please check Flow Logs, VPC Firewall logs, packet captures in the instance (which, as in the case of any potentially compromised instance, have the potential to be compromised). Please raise a [feature request](https://cloud.google.com/support-hub).

Rondo

7/23/23, 2:28 AM

yes, I know about those things. And I have already identified the connection in other logs. This question was about NIC. I'll let someone else create a feature request for it. Thanks

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Getting connection details from Network Intelligence Center

TH: รับรายละเอียดการเชื่อมต่อจาก Network Intelligence Center

RO: Obținerea detaliilor de conectare de la Network Intelligence Center

RU: Получение сведений о подключении из Network Intelligence Center

VI: Nhận chi tiết kết nối từ Network Intelligence Center

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.