QoS analysis - A network provider can change QoS markings to make it more difficult to conduct DoS attacks. QoS policies can help to reduce the effects of Dos and DDoS traffic floods and keep key applications available during attacks. The first step in deploying QoS is to profile applications to determine what constitutes a normal versus an abnormal flow.
Multiple options are available for QoS with many options to build enhanced reporting using QoS values and display them as ToS, ToS Precedence, DSCP, PHB or PHB Class.
The Default MultiView already has a couple of default QoS reports
MultiViews have some pre-configured QoS analytics which can be extended by using the Top of Screen Filter button" or directly from the My Analytics > MultiView screen.
QoS values, like all Netflow Auditor Filters, can be used in include and exclude criteria.
Example Showing all Conversations by DSCP as a Forensic view and the same report filtered by PHP Gold Class
If you have long term trending then QoS can be displayed together with other Trending data.
The dropdown "Display by" will allow any existing analysis to be analyzed by QoS.
Simply select the Display and the perspective will be changed to the new QoS analytics for the current criteria.
Right clicking on any data throughout NetFlow Auditor enables drilldown into default QoS analysis or your own templates
QoS can be used in Forensics views. Forensic views allow any combination of other flow fields to be used in conjunction with QoS values.
QoS analytics can be viewed using Forensics and Converted directly into a Sankey view
Sankey Analytics can help in understanding complex QoS issues to quickly view which QoS types are being used by which IP's and Ports.
QoS Reports can be turned into Templates or into Scheduled Reports. QoS Forensics can be additionally scheduled as Threshold Alerts or Baselined and generate auto diagnostics.
Finally QoS (ToS, Tos Precedence, PHB and PHB Class) can be modified to display naming conventions more suitable to your organization.