7 Replies Latest reply on Jul 12, 2011 12:39 PM by mavturner

    Needs to Monitor Skype

    makkymirandilla

      Hi,

      We want to monitor Skype by using NTA. When I 1stcheck Skype uses 34071 port and I’ve configured NTA Application and services port to monitor Skype with 34071. But when we used a diff PC with Skype it shows that it’s a Multi-Port application (not just port 34071)

       

      Any Idea how to configure NTA to monitor Skype which is a multi port application?

      Thank you,

      Mark

       

        • Re: Needs to Monitor Skype
          morgan.doyle

          As you've discovered, Skype can use seemingly arbitrary port numbers and so it is difficult to track.

          Like a lot of P2P applications, however, it does use high port numbers (above 25000 say). If you see a lot of bandwidth being consumed on high port numbers, you could assume that it is Skype, but it could well be another P2P application such as Bittorrent.

          The presence of Skype on a network can be more accurately detected using a Deep Packet Inspection (DPI) tool.

          Even though the Skype voice data is encrypted, there exist a number of IDS signatures that reliably report on Skype control messages (such as start up, installation, new version check etc).

          These alerts clearly identity client systems that are running skype.

          Contact me if you would like some more information on that.

            • Re: Needs to Monitor Skype
              jlonon

              Does Orion have a native DPI tool or a 3rd party plugin?  I have a manager that wants a breakdown of individual computer applications that are sending web traffic over Port 80.  Thank you in advance.

                • Re: Needs to Monitor Skype
                  mavturner

                  jlonon, you want the actual application generating the traffic and not just what computer is doing it? NTA does not have this functionality, but you can export the data from NTA and manually collect netstat data (netstat -b from the Windows command line) to try and correlate this.

                    • Re: Needs to Monitor Skype
                      jlonon

                      That is exactly what I am looking for.  A tool that will tell me how much traffic was generated by Internet Explorer vs. Firefox vs. etc.  I guess you guys do not have that?

                        • Re: Needs to Monitor Skype
                          mavturner

                          NetFort relies on Deep Packet Inspection (DPI). NTA relies on flows generated from the existing network equipment. SolarWinds products do not currently have the ability to do DPI so we don't have access to the same data the NetFort product does. As you can see, they have built a nice integration with Orion.

                      • Re: Needs to Monitor Skype
                        lgkm

                        Hi jlonon,

                        I can recommend Netfort LANGuardian, which whilst being a separate product does integrate with Orion, for example you can click on an interface within Orion and see all the hosts on that interface and what they've been up to.

                        There's a demo you can look at.

                        http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=1

                        I know Netfort have been working really hard to get this looking nice, and their support is among the best I've come across.

                        We've been using Orion since it was born and used NPM in the Engineers toolset before that.

                        I don't work for Netfort by the way!

                        If you have any questions let me know.

                        Simon

                          • Re: Needs to Monitor Skype
                            jlonon


                            Hi jlonon,

                            I can recommend Netfort LANGuardian, which whilst being a separate product does integrate with Orion, for example you can click on an interface within Orion and see all the hosts on that interface and what they've been up to.

                            There's a demo you can look at.

                            http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=1

                            I know Netfort have been working really hard to get this looking nice, and their support is among the best I've come across.

                            We've been using Orion since it was born and used NPM in the Engineers toolset before that.

                            I don't work for Netfort by the way!

                            If you have any questions let me know.

                            Simon

                             



                             

                             

                            Thank you for the suggestion.  I will look into it.