User’s Guide – version 3.5

NetFlow Tracker

Protocol

You can restrict the set of IP protocols considered. For example, you may want to consider only UDP or ICMP traffic while investigating a denial-of-service attack.

Source port

The source port filter restricts the source application port number; it should be used in conjunction with the protocol filter.

Dest port

This restricts the destination application port number.

Src/dest port

This filter will consider traffic with the given port number as either the source or destination.

Source application

The source application filter restricts the IP protocol and source application port number. You can enter a port number and protocol manually, or you can select from those configured in the IP Application Names settings page.

Dest application

This restricts the protocol and destination application port, selectable by name.

Src/dest application

This filter considers traffic using the given application as either the source or destination.

Recognised application

This filter selects traffic with the given source or destination application. The application considered is whichever of the source and destination has a name defined in the IP Application Names settings page; if both or neither have names, the one with the lower port number is considered.

Identified application

This filter selects traffic with the given identified application. In order for applications to be identified the NetFlow device must support the functionality and its identified application mapping must be configured in Device Settings.

ToS

You can report only on traffic bearing any one of a set of type-of-service byte values. You build the ToS byte value by picking the priority and the minimise delay (D), maximise throughput (T), maximise reliability (R) and minimise monetary cost (M) flags. If you leave the priority or any of the flags empty, only the fields you supplied a value for are considered. Thus you can match traffic of a given priority with any flags, or with particular flags set or unset but any priority and any values for the other flags.
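The partial-field matching described above can be modelled as a mask and value pair per filter entry. The following is an added example, not code from NetFlow Tracker or this guide; it assumes the RFC 1349 bit layout for the ToS byte, and the function names and sample flow records are hypothetical.

```python
# Added example: ToS filter with empty (wildcard) fields as (mask, value) pairs.
# Assumption: RFC 1349 layout, priority in the top three bits, then D, T, R, M.
PRIORITY_SHIFT = 5
FLAG_BITS = {"D": 0x10, "T": 0x08, "R": 0x04, "M": 0x02}


def tos_pattern(priority=None, **flags):
    """Build (mask, value); a field left as None is not compared."""
    mask = value = 0
    if priority is not None:
        if not 0 <= priority <= 7:
            raise ValueError("priority must be 0-7")
        mask |= 0x07 << PRIORITY_SHIFT
        value |= priority << PRIORITY_SHIFT
    for name, state in flags.items():
        bit = FLAG_BITS[name.upper()]  # KeyError on an unknown flag name
        if state is None:
            continue
        mask |= bit          # flag was supplied, so it takes part in the match
        if state:
            value |= bit     # required set; otherwise required unset
    return mask, value


def tos_matches(tos, patterns):
    """True if the ToS byte matches any one of the patterns in the set."""
    return any((tos & mask) == value for mask, value in patterns)


def filter_flows(flows, patterns):
    return [f for f in flows if tos_matches(f["tos"], patterns)]


# Constructed sample flow records (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "tos": 0xB8},  # priority 5, D and T set
    {"src": "192.0.2.11", "tos": 0xA0},  # priority 5, no flags
    {"src": "192.0.2.12", "tos": 0x10},  # priority 0, D set
    {"src": "192.0.2.13", "tos": 0x00},  # priority 0, no flags
]

if __name__ == "__main__":
    cases = {
        "priority 5, any flags": [tos_pattern(priority=5)],
        "D set, T unset, any priority": [tos_pattern(D=True, T=False)],
    }
    for label, patterns in cases.items():
        print(label, [f["src"] for f in filter_flows(SAMPLE_FLOWS, patterns)])
```

A pattern with every field left empty has a mask of zero and therefore matches every ToS value.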
