10 Replies Latest reply on May 13, 2009 4:36 PM by freyguy

    Proxy traffic incorrectly shown as random high port traffic

      I have a proxy server which clients connect to on port 8080. It is the majority of traffic going to/from one site (confirmed by sniffer analysis).

      Orion does not show port 8080 in the top applications view even when displaying 100+ entries on the chart.

      I believe Orion is considering traffic to/from the proxy server as random high port traffic. Instead of showing TCP 8080, it is categorizing the source port (client traffic) by un-related application names.

      So instead of 8080 being shown on the top applications view, I see numerous entries for fictitous applications that are not even running on the network. 

      Here is a snippet of the conversation history of one client talking to the proxy server:

       

      10/16/2008 1:54:00 PMTCPimpera (1710)Random High Port1.288 Kbytes4 packets
      10/16/2008 1:40:00 PMTCPrrilwm (1695)Random High Port131.088 Kbytes118 packets
      10/16/2008 1:40:00 PMTCPslingshot (1705)Random High Port2.656 Kbytes10 packets
      10/16/2008 1:39:00 PMTCPrrirtr (1693)Random High Port2.576 Kbytes8 packets
      10/16/2008 1:25:00 PMTCPmicrocom-sbp (1680)Random High Port108.662 Kbytes100 packets
      10/16/2008 1:24:00 PMTCPprolink (1678)Random High Port2.656 Kbytes10 packets
      10/16/2008 1:18:00 PMTCPArborText License Manager (1557)Random High Port160 bytes4 packets
      10/16/2008 1:18:00 PMTCPtsspmap (1568)Random High Port160 bytes4 packets
      10/16/2008 1:12:00 PMTCPaspeclmd (1544)Random High Port2.656 Kbytes10 packets
      10/16/2008 1:12:00 PMTCPabbaccuray (1546)Random High Port2.656 Kbytes10 packets
      10/16/2008 1:12:00 PMTCPArborText License Manager (1557)Random High Port79.406 Kbytes70 packets
      10/16/2008 1:12:00 PMTCPxingmpeg (1558)Random High Port2.576 Kbytes8 packets


      Is there a way to correct this?

      P.S. - I have all ports enabled for monitoring. TCP 8080 was initially grouped in with one of the quicktime ranges but I created a separate entry called TCP - 8080 for it.