Score:0

Getting connection details from Network Intelligence Center

mx flag

I've noticed some unexpected network activity in the Network Intelligence Center (NIC) but cannot find the details such as source IP address. Do I have to query network flow logs for this? It seems like there ought to be a drill-down in NIC for this.

More details, by request... In the Network Topology tool I found a VM/node in our Google Cloud GCE project that was being accessed from another country with a significant number for the rate of bytes transferred (out). That connection is outside the norm, hence I found it suspicious. And I want to know more about the connection: for example, an IP address.

Abhijith Chitrapu avatar
tr flag
Could you please elaborate on your issue, as the information provided is not sufficient? In the meantime, please have a look at this troubleshooting [document](https://cloud.google.com/network-intelligence-center/docs).
mx flag
I've read all of the docs for NIC and there is no mention of how to drill down to specifics in the Network Topology Tool.
Abhijith Chitrapu avatar
tr flag
Go to the Network Topology and click on them. You will get further details. As resources are shared, you are experiencing activity from different regions. Please check the [screenshot](https://i.stack.imgur.com/wxGyD.png).
mx flag
By 'specifics' I mean finding actionable information such as source IP addresses (edit: fixed misspelling).
mx flag
Should I edit the question in some way to make it more clear? The title says 'connection specifics'. What the NIC interface shows are generalities about connections: averages for data flow (no timing), general regions (Netherlands). These do some but little to help investigate possible security incidents.
Abhijith Chitrapu avatar
tr flag
There is no granularity below "Country" for Internet entities; see the table in this [section](https://cloud.google.com/network-intelligence-center/docs/network-topology/concepts/overview?hl=en#entities). Please check Flow Logs, VPC Firewall logs, packet captures in the instance (which, as in the case of any potentially compromised instance, have the potential to be compromised). Please raise a [feature request](https://cloud.google.com/support-hub).
mx flag
Yes, I know about those things. And I have already identified the connection in other logs. This question was about NIC. I'll let someone else create a feature request for it. Thanks.
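
The Flow Logs route mentioned in the comments, as an added example that is not part of the original thread: it totals bytes sent by one VM per remote IP from exported VPC Flow Logs records, which gives the per-address and timing detail that Network Topology aggregates to country level. The field names follow the VPC Flow Logs record format; the VM address, peer addresses and all sample values are constructed.

```python
import json
from collections import defaultdict

# Constructed sample: one VPC Flow Logs jsonPayload per line (values are made up).
SAMPLE = """\
{"reporter":"SRC","connection":{"src_ip":"10.128.0.5","src_port":22,"dest_ip":"203.0.113.40","dest_port":51514,"protocol":6},"bytes_sent":"52428800","start_time":"2024-01-01T10:00:00Z","end_time":"2024-01-01T10:00:05Z","dest_location":{"country":"nld"}}
{"reporter":"SRC","connection":{"src_ip":"10.128.0.5","src_port":22,"dest_ip":"203.0.113.40","dest_port":51514,"protocol":6},"bytes_sent":"73400320","start_time":"2024-01-01T10:00:05Z","end_time":"2024-01-01T10:00:10Z","dest_location":{"country":"nld"}}
{"reporter":"SRC","connection":{"src_ip":"10.128.0.5","src_port":40112,"dest_ip":"198.51.100.7","dest_port":443,"protocol":6},"bytes_sent":"2048","start_time":"2024-01-01T10:01:00Z","end_time":"2024-01-01T10:01:05Z","dest_location":{"country":"usa"}}
{"reporter":"DEST","connection":{"src_ip":"203.0.113.40","src_port":51514,"dest_ip":"10.128.0.5","dest_port":22,"protocol":6},"bytes_sent":"4096","start_time":"2024-01-01T09:59:58Z","end_time":"2024-01-01T10:00:03Z","src_location":{"country":"nld"}}
{"reporter":"SRC","connection":{"src_ip":"10.128.0.9","src_port":40500,"dest_ip":"203.0.113.40","dest_port":443,"protocol":6},"bytes_sent":"999","start_time":"2024-01-01T10:02:00Z","end_time":"2024-01-01T10:02:05Z","dest_location":{"country":"nld"}}
"""


def egress_by_peer(log_text, vm_ip, country=None):
    """Return [(peer_ip, country, bytes_out, first_seen, last_seen)], largest first."""
    peers = defaultdict(lambda: {"bytes": 0, "first": None, "last": None, "country": None})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        conn = rec.get("connection", {})
        # Bytes out of the VM: records the VM itself reports as the sender.
        if rec.get("reporter") != "SRC" or conn.get("src_ip") != vm_ip:
            continue
        loc = rec.get("dest_location", {}).get("country")
        if country and loc != country:
            continue
        p = peers[conn["dest_ip"]]
        p["bytes"] += int(rec.get("bytes_sent", 0))  # int64 is exported as a string
        p["country"] = loc
        # RFC 3339 UTC timestamps in one format sort chronologically as strings.
        p["first"] = min(filter(None, [p["first"], rec["start_time"]]))
        p["last"] = max(filter(None, [p["last"], rec["end_time"]]))
    rows = [(ip, p["country"], p["bytes"], p["first"], p["last"]) for ip, p in peers.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for row in egress_by_peer(SAMPLE, "10.128.0.5"):
        print(row)
```

Passing `country="nld"` narrows the result to the region Network Topology highlighted, and the first and last timestamps supply the timing that the topology view averages away.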