This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

report source destination ports

Hello;

How I can search in Netflow the conversations and get source and destination ports?

For example :

Server A IP 10.10.10.10 is transmitting huge traffic to 3 servers (172.16.16.1, 172.16.16.2,172.16.16.3)

Thank you

  • To get destination port information, use the Applications filter in Flow Navigator, or use the Top N Applications report under "Historical NetFlow Reports" in the Reports page.

    Unfortunately I don't think there's a way to get source port information out of NTA.

  • NTA only stores one of ports. The rule is following: "Not monitored or higher port number out of tuple [src_port; dst_port] is replaced by value 0, in meaning of random high port".

    Example:

    Conversation with src_port 80 (monitored) and dst_port 16542 (not monitored) is stored as 80-0, reported as http - random high port;

    Conversation with src_port 1006 (not monitored) and dst_port 6343 (monitored) is stored as 0-6343, reported as random high port - sflow;

    Conversation with src_port 6343 (monitored) and dst_port 80 (monitored) is stored as 0-80, reported as random high port - http;

    Conversation with src_port 1006 (not monitored) and dst_port 16542 (not monitored) is stored as 1006-0 internally, reported as unmonitored application (port 1006) - random high port;