I can’t tell you how many times I’ve been asked the question, “I see port 80 traffic in my reports, but how do I know which websites or applications are being used?” In the past we’ve been able to use Cisco’s NetFlow NBAR to give us insight into the applications running on port 80, but it still leaves unanswered the question of which websites are being accessed. Now that some companies, like SonicWALL and nBox, are making advancements with IPFIX (the proposed NetFlow standard), they are exporting website URLs that can be reported on with our NetFlow and IPFIX analyzer. Let’s dive right in and take a look.
As we’ve all discovered working here at Plixer, you can’t get away with much web surfing when you’re working for the company that develops NetFlow and IPFIX analysis software, so we try to keep it to a minimum, but there will inevitably be some YouTube traffic. We have both a SonicWALL and an nBox exporting URLs via IPFIX, which gives us insight into what is happening in our port 80 traffic.
I was interested in seeing YouTube traffic, so, using my favorite NetFlow and IPFIX analyzer, I clicked on our nBox and ran a Top URLs report. Then I added an Advanced ‘HTTP_URL’ Filter for ‘youtube’.
Seeing this YouTube URL made me wonder if I could just copy it into my web browser and find out what was being watched. And guess what? It works! The URL took me to the video Mike Patterson posted on YouTube about our company snowmobile trip. I’m known as Crazy Paul in this video for the multiple accidents I got into on the trip… you can see more on that in the video.
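The Top URLs report with an ‘HTTP_URL’ filter described above can be sketched end to end, as an added example that is not Plixer’s, SonicWALL’s or nBox’s code. It decodes flow records whose URL field uses the variable-length encoding defined for IPFIX in RFC 7011, then totals bytes per URL for a filter string. The record layout (source IPv4, destination IPv4, 8-byte octet count, variable-length URL) and every function name are assumptions made for illustration; real exporters describe their layout in a template, and the sample flows are constructed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def encode_record(src, dst, octets, url):
    """Build one constructed record: src(4) dst(4) octetDeltaCount(8) URL(varlen)."""
    raw = url.encode()
    # RFC 7011 variable-length prefix: 1 byte if < 255, else 0xFF + 2-byte length.
    prefix = bytes([len(raw)]) if len(raw) < 255 else b"\xff" + struct.pack("!H", len(raw))
    return (IPv4Address(src).packed + IPv4Address(dst).packed
            + struct.pack("!Q", octets) + prefix + raw)

def decode_records(payload):
    """Decode back-to-back records in the assumed layout, rejecting truncation."""
    pos, records = 0, []
    while pos < len(payload):
        if len(payload) - pos < 17:
            raise ValueError("truncated fixed-length fields")
        src, dst, octets, n = struct.unpack_from("!4s4sQB", payload, pos)
        pos += 17
        if n == 255:  # long form: the real length is in the next two bytes
            if len(payload) - pos < 2:
                raise ValueError("truncated length prefix")
            (n,) = struct.unpack_from("!H", payload, pos)
            pos += 2
        if pos + n > len(payload):
            raise ValueError("URL length runs past end of payload")
        url = payload[pos:pos + n].decode("utf-8", errors="replace")
        pos += n
        records.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                        "octets": octets, "url": url})
    return records

def top_urls(records, url_filter="", limit=10):
    """Sum bytes per URL, keeping URLs that contain url_filter (case-insensitive)."""
    totals = Counter()
    for r in records:
        if url_filter.lower() in r["url"].lower():
            totals[r["url"]] += r["octets"]
    return totals.most_common(limit)

# Constructed sample flows (addresses, byte counts and URLs are made up).
SAMPLE_PAYLOAD = b"".join(encode_record(*f) for f in [
    ("10.1.4.23", "203.0.113.10", 48_200_000, "www.youtube.com/watch?v=EXAMPLE0001"),
    ("10.1.4.57", "203.0.113.10", 12_500_000, "www.youtube.com/watch?v=EXAMPLE0001"),
    ("10.1.4.23", "198.51.100.7", 900_000, "www.example.com/" + "a" * 300),
    ("10.1.4.80", "203.0.113.11", 5_000_000, "www.YouTube.com/watch?v=EXAMPLE0002"),
])

if __name__ == "__main__":
    for url, octets in top_urls(decode_records(SAMPLE_PAYLOAD), "youtube"):
        print(f"{octets:>12,}  {url}")
```

The third sample URL is longer than 254 bytes, so it exercises the three-byte length prefix; a decoder that assumes a one-byte length would misalign every record after it.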
Being on the cutting edge of the new NetFlow technologies and reporting on URLs with NetFlow/IPFIX is another one of the reasons our NetFlow and IPFIX analyzer is the best NetFlow solution.