Ever wonder what ports an application or process is using on the server?  Here is a useful trick that you can in turn use to setup application groups in your NetFlow collector.

If you want to find out what application is attached to a particular port on a server, you can run: netstat –nbt

You may need to pipe to a file: netstat –nbt

The –n is much faster because it prints just ip. If you use: netstat –bt it will try to resolve IPs.  Type in “netstat ?” to see all the options.  

Setup the Application Groups
Loaded with the IP(s) and port(s) used by the application, go into Scrutinizer and define an application group:

 

Veryify the Reporting

Go into Scrutinizer and run an Application report.

That is all there is to it.  This report can be a big help in network traffic analysis.

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter Tags: application groups, NetFlow Collector, Network Traffic Analysis

This entry was posted on Wednesday, October 21st, 2009 at 3:57 pm and is filed under NetFlow. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.