Let’s say that you are looking for information regarding network traffic taking place between company workstations and an application server; we’ll call it acmeapplication.com. You know that acmeapplication.com is using random port numbers to send downloads back to the workstations making the requests.
When using NetFlow analysis software to monitor network traffic, you may see lots of HTTP port 80 conversations with the assistance of the Conversations filter, but nothing showing the random ports used by acmeapplication.com, as demonstrated below.
However, if you change the filter to report on Connections for the same interface, you can see the source/destination ports used by both workstations and acmeapplication.com.
As shown below, Scrutinizer’s connection report summary will provide both the well known port and random port used during that conversation session to acmeapplication.com.
So if you are looking to expand on your network traffic monitoring and would like more information on customizing ports used by applications, check out Mike’s blog on How to Set up Application Groups.