2 Replies Latest reply on Dec 24, 2014 1:31 PM by choly

    report source destination ports

    julionavarro1414

      Hello,

       

      How can I search the conversations in NetFlow and get source and destination ports?

       

      For example :

      Server A (IP 10.10.10.10) is transmitting a huge amount of traffic to 3 servers (172.16.16.1, 172.16.16.2, 172.16.16.3).

       

      Thank you

        • Re: report source destination ports
          jswan

          To get destination port information, use the Applications filter in Flow Navigator, or use the Top N Applications report under "Historical NetFlow Reports" in the Reports page.

           

          Unfortunately I don't think there's a way to get source port information out of NTA.

            • Re: report source destination ports
              choly

              NTA only stores one of the ports. The rule is as follows: "Not monitored or higher port number out of tuple [src_port; dst_port] is replaced by value 0, in meaning of random high port".

              Example:

              Conversation with src_port 80 (monitored) and dst_port 16542 (not monitored) is stored as 80-0, reported as http - random high port;

              Conversation with src_port 1006 (not monitored) and dst_port 6343 (monitored) is stored as 0-6343, reported as random high port - sflow;

              Conversation with src_port 6343 (monitored) and dst_port 80 (monitored) is stored as 0-80, reported as random high port - http;

              Conversation with src_port 1006 (not monitored) and dst_port 16542 (not monitored) is stored as 1006-0 internally, reported as unmonitored application (port 1006) - random high port;
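
The storage rule described in the reply above, written out as a small function and run over its four conversations (an added example, not part of the thread and not SolarWinds code). The `MONITORED` table, the function names and the tie-break for equal port numbers are assumptions made for illustration.

```python
# Added illustration of the port-storage rule quoted above; not SolarWinds code.
# MONITORED is a constructed stand-in for NTA's monitored-application list.
from collections import Counter

MONITORED = {80: "http", 6343: "sflow"}
RANDOM_HIGH = "random high port"


def store_ports(src_port, dst_port, monitored=MONITORED):
    """Return the (src, dst) pair as stored: exactly one side becomes 0."""
    src_mon, dst_mon = src_port in monitored, dst_port in monitored
    if src_mon != dst_mon:
        # Exactly one side is monitored: the unmonitored side is dropped.
        drop_src = dst_mon
    else:
        # Both or neither monitored: the higher port number is dropped.
        # Assumption: on a tie the destination is dropped (thread does not say).
        drop_src = src_port > dst_port
    return (0, dst_port) if drop_src else (src_port, 0)


def label(port, monitored=MONITORED):
    """Name a stored port the way the reply says it is reported."""
    if port == 0:
        return RANDOM_HIGH
    return monitored.get(port, f"unmonitored application (port {port})")


def report(src_port, dst_port, monitored=MONITORED):
    s, d = store_ports(src_port, dst_port, monitored)
    return f"{label(s, monitored)} - {label(d, monitored)}"


def collapse(flows, monitored=MONITORED):
    """Count how many raw (src_port, dst_port) flows share each stored pair."""
    return Counter(store_ports(s, d, monitored) for s, d in flows)


if __name__ == "__main__":
    for s, d in [(80, 16542), (1006, 6343), (6343, 80), (1006, 16542)]:
        print(f"{s}->{d}: stored {store_ports(s, d)}, reported {report(s, d)}")
    # Constructed flows: three client ports talking to port 80 become one record.
    print(collapse([(49152, 80), (49153, 80), (51000, 80)]))
```

The `collapse` output shows why the original client port cannot be recovered from stored data: flows that differ only in the dropped port end up under the same stored pair.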