Using the updated Top Applications algorithm and gadget available in Flow Analytics v2, you can see at a glance all unwanted applications. If an application is not in your “allowed list”, it will be highlighted in yellow.
Let’s look at the traffic generated for the here-lm application. By clicking on the application name (here-lm in this example), the following window will open:
From this window, we can get the Interface and Src Address of the flow conversations, and drill down further by clicking anywhere on the line. We’ll click on the line circled in red which opens this window:
Now we can see the flow detail for this conversation to determine when this traffic was generated and by whom.
This is just one of many examples of the information available in Cisco NetFlow packets. If you’re not yet monitoring Cisco NetFlow on your network, it is certainly worth checking out. There are many free NetFlow analyzers available on the market, including Plixer’s Scrutinizer Free Edition.