Let’s say that you are looking for information regarding network traffic taking place between company workstations and an application server; we’ll call it acmeapplication.com. You know that acmeapplication.com is using random port numbers to send downloads back to the workstations making the requests.

When you use NetFlow analysis software to monitor network traffic, the Conversations filter may show many HTTP port 80 conversations but nothing for the random ports used by acmeapplication.com, as demonstrated below.

[Screenshot: Conversations report]

However, if you change the filter to report on Connections for the same interface, you can see the source/destination ports used by both workstations and acmeapplication.com.

As shown below, Scrutinizer’s connection report summary provides both the well-known port and the random port used during that conversation session to acmeapplication.com.

[Screenshot: Connections report]
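The difference between the two views, sketched as an added example that is not part of the original post and is not Scrutinizer's own code. It assumes a Conversations-style grouping keyed on the host pair and well-known port, and a Connections-style grouping keyed on both endpoints and both ports; the flow records, IP addresses and the 1023 cutoff are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
# 203.0.113.5 stands in for acmeapplication.com; all values are made up.
FLOWS = [
    ("10.1.1.10", 51234, "203.0.113.5", 80, 1_200),
    ("203.0.113.5", 80, "10.1.1.10", 51234, 8_400),
    ("203.0.113.5", 40211, "10.1.1.10", 51300, 950_000),  # download on random ports
    ("10.1.1.11", 49822, "203.0.113.5", 80, 1_100),
    ("203.0.113.5", 80, "10.1.1.11", 49822, 7_900),
    ("203.0.113.5", 38977, "10.1.1.11", 50410, 720_000),  # download on random ports
]

WELL_KNOWN_MAX = 1023  # assumption: ports above this are treated as random


def conversations(flows):
    """Group by host pair plus well-known port only (assumed model)."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        app_port = min(sport, dport)
        if app_port > WELL_KNOWN_MAX:
            app_port = None  # no well-known port: random ports are not recorded
        hosts = tuple(sorted((src, dst)))
        totals[(hosts, app_port)] += nbytes
    return dict(totals)


def connections(flows):
    """Group by both endpoints and both ports, so random ports stay visible."""
    totals = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        totals[(src, sport, dst, dport)] += nbytes
    return dict(totals)


def random_port_connections(flows):
    """Connections where neither side uses a well-known port."""
    return {k: v for k, v in connections(flows).items()
            if k[1] > WELL_KNOWN_MAX and k[3] > WELL_KNOWN_MAX}


if __name__ == "__main__":
    for key, nbytes in conversations(FLOWS).items():
        print("conversation", key, nbytes)
    for key, nbytes in random_port_connections(FLOWS).items():
        print("connection  ", key, nbytes)
```

In the conversation grouping the two large downloads carry no port at all, while the connection grouping lists the exact source and destination ports that carried them.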

So if you are looking to expand on your network traffic monitoring and would like more information on customizing ports used by applications, check out Mike’s blog on How to Set up Application Groups.

Scott

Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.