View DNSWatch Connections

When a victim computer connects to the DNSWatch Blackhole Server, the Blackhole Server collects details about the connection for analysis. For more information, see About DNSWatch Blackhole Servers.

The DNSWatch Connections page shows all connections associated with all alerts in your account. The Connection Information page shows the information the DNSWatch Blackhole Server collected for the connection. For each connection, you can see the connection details and go directly to the alert associated with the connection.

Connection information includes:

  • Netflow data
  • Initial Connection Bytes
  • Parsed Protocol Details

On the Connections page, a warning icon ()in the Destination Port column indicates that the connection used a nonstandard port and protocol combination.

To see a list of all connections denied by DNSWatch:

  1. Log in to your DNSWatch account.
  2. Click Report > Alerts.
    The Alerts page opens.

Screen shot of the Alerts page with the connections link circled

  1. At the top of the Alerts page, click connections.
    The Connections page opens.

  1. To see the details for a connection, in the Actions column, click View.
    The Connection Information page opens.

Screen shot of the Connection Information page

  1. To see the alert details for the alert associated with the connection, click the link at the top of the page.
    The alert details page opens.

See Also

Manage DNSWatch Alerts