Ever wonder what ports an application or process is using on the server?  Here is a useful trick that you can in turn use to setup application groups in your NetFlow collector.

If you want to find out what application is attached to a particular port on a server, you can run: netstat –nbt

You may need to pipe to a file: netstat –nbt

netstat-nbt

The –n is much faster because it prints just ip. If you use: netstat –bt it will try to resolve IPs.  Type in “netstat ?” to see all the options.

Setup the Application Groups
Loaded with the IP(s) and port(s) used by the application, go into Scrutinizer and define an application group:

applGroupMaximizer

Veryify the Reporting

Go into Scrutinizer and run an Application report.

applGroupMaximizerReport

That is all there is to it.  This report can be a big help in network traffic analysis.

Mike Patterson author pic

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply