One of the most difficult aspects of analyzing network traffic is that so much of today's network traffic is web traffic riding on either port 80 (HTTP) or port 443 (HTTPS). When you analyze network traffic using a technology like NetFlow, sFlow, JFlow, or IPFix, the protocol tells you (among other things) the source and destination addresses, the protocol (TCP, UDP, etc), and the source and destination port numbers - but not the application.
There are a few ways of getting around this. The latest version of the Orion NetFlow Traffic Analyzer (NTA) leverages one of these methods by allowing you to assign addresses to port and address groups, ranges, and combinations. For instance, you may say that any HTTP traffic for the address range of 188.8.131.52/24 is Exchange OWA traffic while HTTP traffic to 10.199.1.0/24 is Intranet traffic.
This latest version of Orion NTA that we've produced here at SolarWinds also includes several performance/scalability enhancements and some great new features that make it much easier to understand the data that NTA is telling you about your network traffic. As always, you can download all of the SolarWinds applications from http://www.solarwinds.com and try them out for free...
Follow me on Twitter