Ever wonder what ports an application or process is using on the server? Here is a useful trick that you can in turn use to setup application groups in your NetFlow collector.
If you want to find out what application is attached to a particular port on a server, you can run: netstat –nbt
You may need to pipe to a file: netstat –nbt
The –n is much faster because it prints just ip. If you use: netstat –bt it will try to resolve IPs. Type in “netstat ?” to see all the options.
Setup the Application Groups
Loaded with the IP(s) and port(s) used by the application, go into Scrutinizer and define an application group:
Veryify the Reporting
Go into Scrutinizer and run an Application report.
That is all there is to it. This report can be a big help in network traffic analysis.