Using Cisco NetFlow to find Source and Destination ports
Posted in NetFlow, NetFlow Analyzer, Scrutinizer on October 22nd, 2009 by scottr
Let’s say that you are looking for information regarding network traffic taking place between company workstations and an application server; we’ll call it acmeapplication.com. You know that acmeapplication.com is using random port numbers to send downloads back to the workstations making the requests.
When using NetFlow analysis software to monitor network traffic, you may see lots of HTTP port 80 conversations with the assistance of the Conversations filter, but nothing showing the random ports used by acmeapplication.com, as demonstrated below.
