With remote workers becoming more and more common, collaboration software is being leveraged by more organizations. Monitoring Cisco WebEx traffic in your network can offer some insights into collaboration usage trends over time.
Next Generation Network-Based Application Recognition Protocol (NBAR2)
If your networking infrastructure supports the NBAR2 protocol and you are running Protocol Pack 41.0.0 or later, then you are already seeing WebEx as its own application family. Once detected, the applications appear as “webex-media,” “webex-audio,” and “webex-video.”
If your network infrastructure doesn’t support NBAR2, you can still get the classification for WebEx communications.
Custom Application Build
A custom application to monitor WebEx requires two parts. The first part is building a custom IP Group with the target addresses of the application. Thankfully, Cisco is good about publishing the IP information for WebEx.
Build the IP Group
From the NetFlow settings page, scroll down to IP Address Groups.
Build a new group and add the addresses.
These are rarely small lists, so we’ve expedited the process by attaching a file you can import. See the attachment below. If you choose to import it, be sure to “append” to the existing list of IPs.
Build the Multi-Port Application
The last step for building the custom application is configuring the ports for traffic matching. From the NetFlow settings page, select “Application and Service Ports.”
Click “Add Application” and give it a name, enter “80, 443, 5004, 9000” in the port list, and select Cisco Webex in the Destination IP Address field.
Submit all your changes.
Now the new custom application will show up in your Flow Navigator.
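The sketch below is an added example, not the product's own code. It shows the matching rule the custom application expresses: a flow counts as Cisco Webex only when its destination IP is in the IP Group and its port is in the port list. Assumptions: the CIDR ranges are constructed placeholders from documentation address space (not Cisco's published list), the flow records are constructed, and matching is done on the destination port.

```python
import ipaddress
from collections import Counter

# Ports from the multi-port application definition above.
WEBEX_PORTS = {80, 443, 5004, 9000}

# Constructed placeholder ranges (RFC 5737 documentation space), NOT Cisco's
# published Webex list. An overlap and a duplicate are included on purpose.
RAW_GROUP = ["198.51.100.0/24", "198.51.100.128/25", "203.0.113.0/25",
             "203.0.113.128/25", "198.51.100.0/24"]

def build_group(cidrs):
    """Validate CIDR strings and collapse duplicate, overlapping and adjacent ranges."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def classify(flow, group, ports=WEBEX_PORTS):
    """'Cisco Webex' only if the destination IP is in the group AND the port matches."""
    dst = ipaddress.ip_address(flow["dst"])
    if flow["dport"] in ports and any(dst in net for net in group):
        return "Cisco Webex"
    return "unclassified"

def bytes_by_app(flows, group):
    """Sum bytes per application label, as a flow report would."""
    totals = Counter()
    for f in flows:
        totals[classify(f, group)] += f["bytes"]
    return dict(totals)

# Constructed flow records for illustration.
FLOWS = [
    {"dst": "198.51.100.20", "dport": 443, "bytes": 120000},   # in group, port matches
    {"dst": "203.0.113.200", "dport": 9000, "bytes": 900000},  # in group, port matches
    {"dst": "192.0.2.10", "dport": 443, "bytes": 50000},       # HTTPS to another site
    {"dst": "198.51.100.20", "dport": 22, "bytes": 4000},      # in group, port not listed
]

if __name__ == "__main__":
    group = build_group(RAW_GROUP)
    print("IP Group after cleanup:", [str(n) for n in group])
    print("Bytes by application:", bytes_by_app(FLOWS, group))
```

Ports 80 and 443 carry most other web traffic too, so the IP Group is what keeps the classification specific. A stale group will both miss new Webex ranges and mislabel traffic to addresses that have since been reassigned.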
Using IP groups to distinguish application traffic is a simple way to pull out a clear view of some application services, and can offer you insight you can act upon. Discuss your experiences with custom applications below!