We get a lot of questions from customers who try to query traffic or flows for a domain name and are unable to get it.

For example : this customer tries to query for all flows to gmail.com

This article explains why it may not always be possible to get what you want.

The main issue is that Netflow is a L3 technology primarily hence it works with IP Addresses rather than domain names. A quick overview of the differences between URL, Domain names, and IP Addresses is in order.

A URL (Uniform Resource Locator) is the address used to access resources on the internet. It specifies the location of a resource and the protocol used to access it. It looks like this https://www.example.com/about-us?id=23

A URL typically consists of several components:

• Protocol: Indicates the method used to access the resource (https).
• Domain Name: The human-readable address (the domain name) of a website (example.com).
• Path: Specifies the exact resource or page within the website (/about-us)
• Parameters: Optional query strings used to pass additional information (?id=23).

A domain is a specific part of the URL that identifies the website.

Domains are registered through domain registrars, and they are unique to ensure that each website has a distinct address.

Ultimately the endpoint is an IP address

. The DNS protocol is used to convert a domain name into an IP Address. An IP Address looks like this 102.42.38.231.

For example,

In URL: https://www.example.com/site_login

• https is the protocol.
• www.example.com is the domain name
• www denotes web addresses and subdomain of example.com
• .com`, `.org`, `.net is the Top-Level Domain (TLD)
• example is the Second-Level Domain (SLD)
• site_login is the path
• DNS converts www.example.com into IP addresses like 102.42.38.231

In NetFlow Analyzer, We can monitor the traffic through IP addresses of that URL such as