Fluke Computer Accessories IP Application Names, DiffServ Names, Hostname Resolution Settings

Page 72

User’s Guide – version 3.5

NetFlow Tracker

IP Application Names

NetFlow Tracker receives application information in the form of a protocol number and port number. These correspond directly to specific network applications. Many are predefined (well-known ports) while others (registered ports) are defined by the software manufacturer. NetFlow Tracker comes configured with the well-known ports as well as many others. You can edit this list yourself with this page. By default, ports below 1024 are not shown on this page as they normally don’t need to be changed but, if required, these can be shown by clicking (more…) in the title of the Port column. A comprehensive list of all the well-known and registered ports is available at http://www.iana.org/assignments/port-numbers.

Often, a single application port is not enough to correctly identify an application. NetFlow Tracker also allows you to create multiple grouped applications, with each grouped application containing multiple rules. A rule consists of at least one of a range of IP addresses, a range of port numbers for a given protocol, a traffic class or an identified application. Traffic with the source or destination address and port passing at least one rule is considered to be part of that application. If there is any uncertainty, for example if two or more applications match a given piece of traffic, the highest- precedence application is chosen. Every grouped application has a configurable precedence, and every grouped application is of a higher precedence than every simple, single-port application.

To define a grouped application you must first give it a unique identifier and a name; you can then add rules to it. The application identifier is used in long-term data to identify the application so it is not possible to change the identifier of an existing grouped application; for the same reason please be careful about deleting grouped applications.

DiffServ Names

NetFlow Tracker can filter and report by differentiated service code point; you can assign names to each of the 64 code points here. The standard code point names are already configured.

Hostname Resolution Settings

This page lets you configure aspects of the resolution of hostnames for addresses encountered on reports. These are cached to increase reporting speed and reduce the amount of network traffic generated by the NetFlow Tracker when generating a report. You can change how long a resolved hostname is cached for, the default being 30 minutes, and how long a failure to resolve a hostname for a given address is remembered, the default being 10 seconds. You can also control the size of the cache and the number of threads used to resolve hostnames. If you find that hostname resolution is not working, click “Defaults” to put the settings back to useful default values. Click “Ok” to accept your changes or “Cancel” to abort.

Should you wish to clear the cache of resolved hostnames, disable resolution by clearing “Enable hostname resolution” and clicking “Ok”, then go back into the configuration page and enable resolution again by checking “Enable hostname resolution” and clicking “Ok”.

72

Image 72
Contents NetFlow Tracker Contents LONG-TERM Reports Appendix 2 CSV File Format Software License Agreement Grant of Licence and Payment of FeesCopyright Customer Remedies Confidential Information and Security User’s Guide version NetFlow Tracker Definitions Support Services Support ChargesUndertakings by You Supplier’s UndertakingsLimitation of Liability and indemnity Intellectual Property RightsTermination Confidential Information and Security MiscellaneousExceptions to Support Services Support HoursResponse Times What is NetFlow? What is NetFlow Tracker?Features and Benefits IntroductionUser’s Guide version NetFlow Tracker Installation Pre-installation ChecksMinimum System Requirements Operating System SupportInstallation on Microsoft Windows Installation on Linux Post-installation Tasks Set up Snmp community strings Set up web front-end securityConfigure your routers and switches Add listener portsUsing NetFlow Tracker Device traffic meters InterfacesWorking with Charts Changing the displayed chartChart legend Per-AS dataView a standard chart as a pie chart View a standard chart as a tabular reportZooming Zooming outAlter the filter applied to a standard chart Export a chart to another applicationPrint the chart Open the chart in a new windowWorking with Pie Charts Working with Tabular ReportsSort a tabular report Examine a single rowReport Templates Address ReportsSession Reports QoS Reports Network ReportsCreating Filtered Reports Interface ReportsTraffic Identification Reports Other ReportsReport template Sample sizeSource data Start timeTime zone Source deviceInterface Out interfaceProtocol Source portDest port Src/dest portDiffServ Traffic classSource AS Dest ASLong-term Reports Devices and InterfacesPer-device and Per-interface Long-term Reports Filter EditorUser’s Guide version NetFlow Tracker Reports Report URL Format General FormReport Format Parameters 0023 00240025 0026Chart PieNumber TrueFeatures Sections128 256Time Range Parameters Millis HourDay WeekTime range will extend for this number of units Calendar-based advancedHHmm Applying a time-of-day mask to the time rangeDay1-day2/time1-time2 110 105100 113115 120140 125285 300Minute DailyFilter Parameters Name Addr1-addr2Port1-port2 Port/name Port/numberPort1-port2/name Port1-port2/numberPrec TosPrec%20tos CodeAddr/mask MaskPassword Security ParametersUsername Management Portal Access Control Parameters SecretNull VPN Out VPN Chart scrollbar Chart selection headersFilter Editor button, if applicable Refresh and Resolve All buttons, if applicablePerformance Tuning Database Server SettingsDisk Speed Query SizeConfiguration Guide Snmp SettingsLicensing Listener PortsDevice Settings Device SettingsDevice List Sampled Data Scaling Security Settings VPNsManagement Portal Settings Http//proxy/tracker1/report1Http//tracker1/report.jsp?portalsecret=secret&aclif= Http//proxy/tracker1/report.jsp?portalacl=Using Apache as a Portal Server RewriteEngine OnRewriteRule /tracker1/.*$ http//1.2.3.4/$1 P,L,QSA ProxyPassReverse /tracker1/ http//1.2.3.4Report Settings General SettingsReal-time Reports Saved Filters Scheduled ReportsLong-term Reports Executive Reports Span class=repdesctextTest/span Nelements=5 and chartWidth=400 ContentSub-reports User’s Guide version NetFlow Tracker Hostname Resolution Settings IP Application NamesDiffServ Names Database Settings AS NamesSubnet Names Backup Memory Settings ArchivingPerformance Counters NetFlow Data Received Traffic DescribedIgnored Flows Unprocessed FlowsetsAbout No In InterfaceAppendix 1 Device Configuration Enabling Netflow Export on an IOS DeviceIp cef Ip flow-export destination addressIp flow-cache timeout active Ip flow-cache timeout inactiveShow ip flow export Show ip cache flow Show ip cache verbose flowIp route-cache flow infer-fields Mls netflowMls nde sender version Mls aging longUser’s Guide version NetFlow Tracker Set mls bridged-flow-statistics enable vlanlist Set mls nde enableSet system name name Set mls nde addressFlow-sampler-map allflows mode random one-out-of 1 exit Enabling Flow Detail Records on a Packeteer DeviceEnabling NetFlow on an Enterasys Device Chart CSV format Pie chart CSV formatAppendix 2 CSV File Format Tabular report CSV formatChart XML format Pie chart XML formatAppendix 3 XML Format Tabular report XML formatAppendix 4 Third Party Software Components JspSmartUpload Quartz