Blog :: Network Operations

Monitoring Microsoft Teams traffic with Plixer Scrutinizer


The modern workplace is filled with companies working largely over inter-office messaging systems. These tools often leverage several different functions aside from chatting, such as video conferencing and file sharing. What was once just a small tool could now potentially be sucking down your office’s bandwidth. In this blog post, we’ll take a look at Microsoft Teams. Since this tool is now coming included in Microsoft Office’s standard line-up, its presence is becoming more and more common on corporate networks.

During a switch between inter-office messaging products, a company may be wondering if Teams is the bandwidth hog. Using Plixer Scrutinizer, a company could determine if Teams is indeed the issue, or if it’s another application. Many devices already export NBAR traffic, which is a great start to identify what tools are sucking down the bandwidth on your network; however, Scrutinizer can also set custom parameters for applications. Defining these applications allows you to monitor traffic specifically related to those applications.

Data from monitoring Teams traffic has other uses as well, such as monitoring employee working hours. As many companies have transitioned to a work-from-home kind of environment, it can be hard to tell what hours people are working, and HR and supervisors can no longer just glance around a room to tell when people are working. The other main topic to watch for is Teams Traffic bloating and using more than it should be. This kind of traffic could be something else running on your network trying to disguise itself as harmless video conferencing traffic. According to the Microsoft documentation on Teams, the tool is supposed to be pretty lightweight; even group calls should only be 2Mbps.

For more information on securely using Microsoft Teams, they have published a security guide on the topic. Their internal documentation discusses how they mitigate denial-of-service attacks and eavesdropping, as well as how admins can secure Teams to help protect end users.

In Plixer Scrutinizer, the Teams application can be defined by going to the Admin tab, then going to Definitions and selecting Applications from the dropdown. In the modal that appears, you will be prompted to enter a name of your choice for the application, then define ports used and IP addresses. In this particular case, we can get the list for Teams from Microsoft directly or look at the quick reference table below. Microsoft has also specified that Teams traffic is over port 80 and 443. Once that application has been defined, a filter can be applied to include only or exclude Teams traffic on any given report that includes applications.

Note: These same principles can be applied to other services as well such as Office 365, Zoom, Slack, or other types of traffic that can be monitored via IP ranges and port numbers.

AddressesPorts,,,,,,, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2620:1ec:6::/48, 2620:1ec:40::/42  TCP:80,,,,, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2620:1ec:6::/48, 2620:1ec:40::/42  TCP:443,,,,, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2620:1ec:6::/48, 2620:1ec:40::/42  UDP: 3478, 3479, 3480, 3481

If you are interested in monitoring Teams traffic, consider using Plixer Scrutinizer.