
Find Pokemon GO Network Traffic with NetFlow

Monitor Pokemon Go Network Traffic

So there I am monitoring my network with NetFlow and a wild application appears! Pokemon GO hit the scene last week and it’s quickly becoming one of the most popular applications to hit networks. Most network professionals are interested in seeing what applications are in their environment and who is using them. In the spirit of catching them all, I set out to find Pokemon GO network traffic with NetFlow.

 

Find What Sets it Apart

When a new application comes out or there is something specific that I’m looking for, I will look for a common point—something that sets it apart from other traffic.

To do this, I took my phone and connected it to our wireless network. Then, to make sure that all of the application's traffic was flowing through our wireless, I removed my phone from its data plan and made sure Pokemon GO was the only application running.

From there, I simply ran a default report off of our Flow Collector from the viewpoint of our wireless device and added a filter for my phone’s IP.

Pokemon Go Traffic

Well, I see traffic, but how can I be sure that it’s tied to Pokemon GO? I see a lot of Google- and Facebook-based IPs.

Use DNS if Possible

This is where the Fully Qualified Domain Names (FQDN) would come in handy. Luckily the FlowPro Defender can give us that information.

Pokemon Go Network Traffic FQDN

Now with this report I can quickly see the top talker during my Pokemon GO session. The Destination FQDN I was reaching out to the most was pgorelease.nianticlabs.com. This makes sense since Niantic is the company that produces Pokemon GO.

Using this new information, I can start searching my network for others playing Pokemon GO by simply adding the FQDN as a filter.

Pokemon Go Network Traffic by IP

Wow! Look at all the trainers on my network.

Look again at the first couple of images. You can see that there are many different connections being made. Google API gets involved for mapping, Facebook servers are in use, etc. Determining total traffic used by this application could be a tough one, but now that we have a common point to search for, we should be able to trend the users’ traffic and see if there has been an increase in their average traffic over a period of time.

Check Other Network Devices

This is why I love NetFlow: the discovery, the questions that arise and problems it can help me solve. With the data I have found, I can take the elements and harness the power of my other devices on the network.

Using my wireless, now I can see where the traffic is coming from, as well as which AP and which SSID are involved.

Pokemon Go Network Traffic by AP

Since my WLC is exporting the layer 2 information, I can even grab the MAC address, so now I know what devices are involved.

Pokemon Go Network Traffic by MAC Address
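The search-and-attribute steps above (filter on the destination FQDN, then tie each client to its AP, SSID and MAC) can be reproduced on any FQDN-enriched flow export. The following Python is an added example, not Scrutinizer or FlowPro Defender code; the CSV column names and every flow record in it are constructed for illustration. Matching is done on whole DNS labels so look-alike names are not counted.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: FQDN-enriched flow records with the layer 2 / wireless
# fields a WLC export could carry. Column names are assumptions for this example.
SAMPLE_FLOWS = """\
src_ip,src_mac,ap,ssid,dst_ip,dst_fqdn,bytes
10.1.4.23,aa:bb:cc:00:00:01,AP-Lobby,Corp-WiFi,203.0.113.10,pgorelease.nianticlabs.com,48213
10.1.4.23,aa:bb:cc:00:00:01,AP-Lobby,Corp-WiFi,198.51.100.7,mapping-api.example.com,90111
10.1.4.57,aa:bb:cc:00:00:02,AP-Floor2,Guest,203.0.113.10,PGORELEASE.NIANTICLABS.COM.,12044
10.1.4.57,aa:bb:cc:00:00:02,AP-Floor2,Guest,203.0.113.10,pgorelease.nianticlabs.com,3310
10.1.4.88,aa:bb:cc:00:00:03,AP-Floor2,Corp-WiFi,192.0.2.44,pgorelease.nianticlabs.com.example.net,7000
10.1.4.90,aa:bb:cc:00:00:04,AP-Lobby,Corp-WiFi,192.0.2.45,notpgorelease.nianticlabs.com,500
"""

def normalize(fqdn):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return fqdn.strip().lower().rstrip(".")

def fqdn_matches(fqdn, target):
    """True if fqdn equals target or is a subdomain of it (label-boundary match)."""
    fqdn, target = normalize(fqdn), normalize(target)
    return fqdn == target or fqdn.endswith("." + target)

def find_clients(flow_csv, target):
    """Aggregate flows to the target FQDN per client IP, keeping MAC/AP/SSID."""
    clients = defaultdict(lambda: {"bytes": 0, "flows": 0,
                                   "macs": set(), "aps": set(), "ssids": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not fqdn_matches(row["dst_fqdn"], target):
            continue  # other destinations (mapping, social) are not counted here
        c = clients[row["src_ip"]]
        c["bytes"] += int(row["bytes"])
        c["flows"] += 1
        c["macs"].add(row["src_mac"])
        c["aps"].add(row["ap"])
        c["ssids"].add(row["ssid"])
    return dict(clients)

if __name__ == "__main__":
    hits = find_clients(SAMPLE_FLOWS, "pgorelease.nianticlabs.com")
    # Top talkers first, as in the report ordering
    for ip, c in sorted(hits.items(), key=lambda kv: -kv[1]["bytes"]):
        print(ip, c["bytes"], c["flows"],
              sorted(c["macs"]), sorted(c["aps"]), sorted(c["ssids"]))
```

The byte totals cover only flows to the matched FQDN, so they understate the application's full footprint, which is the limitation noted above for the mapping and social destinations.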

As you can see, using NetFlow to keep track of your network can be super effective. By building custom reports and adding in specific filters, I can take what seems like a very large task and make it quick and easy.

To learn more about using Scrutinizer or to give the FlowPro Defender a try in your own environment, reach out to our Plixer Team.

Happy hunting!