Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > Application charts showing unmonitored multi-port traffic in Netflow

Application charts showing unmonitored multi-port traffic in Netflow

Updated August 8th, 2016

Overview

Netflow charts for application show a large amount of traffic for unmonitored multiport applications.

Environment

All NTA versions

Cause 

The ports that the unmonotored application traffic is using has not been mapped in Solarwinds. When Solarwinds recieved a flow from a device, Solarwinds only looks at the port number. It will then compares that port number to what application uses that port.

 

For example, an application call MyEmailApp that uses ports 12345 - 12350 that SolarWinds sees as unmonitored traffic. Then lets say there is a user (workstation) that is sending data through your router to some external service, an email application called MyEmailApp, using port 12346. If the port to Application mapping doesn't exist in Solarwinds then Solarwinds will always show that traffic as unmonitored because it doesn't know that port 12346 = MyEmailApp.

If you go into Settings > NTA Settings > Application and Service Ports, you can see what application has been mapped to what  port(s).

Understand also that not all traffic can or will be identified to a certain ports. Certain application cannot be map at all simply because there are so many application that can or could be used by a user and there are certain applications (Skype for example) that uses different destination ports every time its brought up, therefore making it impossible to map.

Resolution

Create a port to application map

  1. Go to Settings > NTA Settings > Application and Service Ports.
  2. Click on Add Application.
  3. Fill in the description, port number(s), source IP address, destination IP address, and protocol.
  4. Click Add Application.

NOTE: Using the example above, adding MyEmailApp as using ports 12345 - 12350, leaving the rest of the fields at the default, will now make it so that charts will show traffic statistics specifically for MyEmailApp as opposed to Solarwinds taking that traffic and grouping it into unmonitored traffic pile.

 

 

Last modified

Tags

Classifications

Public