User’s Guide – version 3.5
NetFlow Tracker
IP Application Names
NetFlow Tracker receives application information in the form of a protocol number and
port number. These correspond directly to specific network applications. Many are
predefined (well-known ports) while others (registered ports) are defined by the
software manufacturer. NetFlow Tracker comes configured with the well-known ports
as well as many others. You can edit this list yourself with this page. By default, ports
below 1024 are not shown on this page as they normally don’t need to be changed
but, if required, these can be shown by clicking (more…) in the title of the Port column.
A comprehensive list of all the well-known and registered ports is available at
http://www.iana.org/assignments/port-numbers.
Often, a single application port is not enough to correctly identify an application.
NetFlow Tracker also allows you to create multiple grouped applications, with each
grouped application containing multiple rules. A rule consists of at least one of a range
of IP addresses, a range of port numbers for a given protocol, a traffic class or an
identified application. Traffic with the source or destination address and port passing at
least one rule is considered to be part of that application. If there is any uncertainty,
for example if two or more applications match a given piece of traffic, the highest-
precedence application is chosen. Every grouped application has a configurable
precedence, and every grouped application is of a higher precedence than every
simple, single-port application.
To define a grouped application you must first give it a unique identifier and a name;
you can then add rules to it. The application identifier is used in long-term data to
identify the application so it is not possible to change the identifier of an existing
grouped application; for the same reason please be careful about deleting grouped
applications.
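The matching and precedence behaviour described above, sketched as an added example (it is not NetFlow Tracker's own code). It covers only the address and port criteria of a rule; combining the criteria inside one rule with AND, treating the larger number as the higher precedence, the order of the simple port lookup, and all sample applications and addresses are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    # Assumption: every criterion that is set must hold; unset ones are ignored.
    network: Optional[str] = None    # range of IP addresses, written as CIDR
    protocol: Optional[int] = None   # IP protocol number (6 = TCP, 17 = UDP)
    ports: Optional[tuple] = None    # inclusive (low, high) port range for that protocol

    def matches(self, flow):
        # The source end or the destination end of the flow may satisfy the rule.
        for addr, port in ((flow["src"], flow["sport"]), (flow["dst"], flow["dport"])):
            if self.network and ip_address(addr) not in ip_network(self.network):
                continue
            if self.ports and not (flow["proto"] == self.protocol
                                   and self.ports[0] <= port <= self.ports[1]):
                continue
            return True
        return False

@dataclass
class GroupedApp:
    app_id: int       # unique identifier, never changed once data refers to it
    name: str
    precedence: int   # assumption: the larger number is the higher precedence
    rules: list = field(default_factory=list)

# Constructed sample data: simple single-port applications keyed by (protocol, port).
SIMPLE_APPS = {(6, 80): "http", (6, 443): "https", (17, 53): "domain"}
GROUPED = [
    GroupedApp(1001, "Intranet web", 10, [Rule("10.1.0.0/16", 6, (80, 80)),
                                          Rule("10.1.0.0/16", 6, (443, 443))]),
    GroupedApp(1002, "Payments API", 20, [Rule("10.1.5.0/24", 6, (443, 443))]),
]

def classify(flow, grouped=GROUPED):
    # A grouped application matches when at least one of its rules matches.
    hits = [g for g in grouped if any(r.matches(flow) for r in g.rules)]
    if hits:
        # Any grouped match outranks every simple application.
        return max(hits, key=lambda g: g.precedence).name
    # Assumption: the simple lookup tries the destination port, then the source port.
    for port in (flow["dport"], flow["sport"]):
        if (flow["proto"], port) in SIMPLE_APPS:
            return SIMPLE_APPS[(flow["proto"], port)]
    return "unknown"
```

A flow to 10.1.5.7 on TCP port 443 matches both grouped applications in the sample and is reported under the higher-precedence one; overlapping rules like these are where a wrong precedence setting silently moves traffic from one report line to another.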
DiffServ Names
NetFlow Tracker can filter and report by differentiated service code point; you can
assign names to each of the 64 code points here. The standard code point names are
already configured.
Hostname Resolution Settings
This page lets you configure aspects of the resolution of hostnames for addresses
encountered on reports. These are cached to increase reporting speed and reduce the
amount of network traffic generated by the NetFlow Tracker when generating a report.
You can change how long a resolved hostname is cached for, the default being 30
minutes, and how long a failure to resolve a hostname for a given address is
remembered, the default being 10 seconds. You can also control the size of the cache
and the number of threads used to resolve hostnames. If you find that hostname
resolution is not working, click “Defaults” to put the settings back to useful default
values. Click “Ok” to accept your changes or “Cancel” to abort.
Should you wish to clear the cache of resolved hostnames, disable resolution by
clearing “Enable hostname resolution” and clicking “Ok”, then go back into the
configuration page and enable resolution again by checking “Enable hostname
resolution” and clicking “Ok”.