This blog answers some frequently asked questions about the Application, Source and Destination tabs in NetFlow Analyzer.

The primary focus is the ‘Applications’ tab, which displays the applications used on the link, along with the amount of data handled by each application and the bandwidth it consumes.

NetFlow Analyzer maps a conversation to an application on the basis of the port and protocol used in that conversation. The lower port number used in the conversation is given priority. The application name cannot be mapped on the basis of whether a port is the source or the destination port. For example,

Src IP           Dst IP           SrcPort   DstPort   Protocol
192.168.90.12    172.16.100.19    88        443       TCP

In this conversation, NetFlow Analyzer first checks whether an application has already been mapped to port 88. Failing that, it checks port 443 and maps the conversation under HTTPS.

Applications contributing more than 1KB of data are stored in the historic tables.

Why is the application shown as ‘_App’?

NetFlow Analyzer has 10000 application names stored in its database. Any application that falls outside this set is categorized as ‘_App’, based on the protocol used.

This is why ‘*’ is displayed for the port number in the ‘Conversation’ tab when the time period selected is more than 6 hours.

In such cases, click ‘Show Ports’ to see the ports, based on which the corresponding application can be found and added through Application / QoS Mapping -> Add. ‘Show Ports’ will be available within 24 hours of collection of data.

Why is the amount of traffic less on drilling down?

For some applications, the amount of traffic shown on drilling down from the Application tab will be less than the total shown for that application. This is because the drill-down for an application is queried from the conversations table, which stores only the top 100 records of unique conversations. If a conversation corresponding to a given application does not fall in the top 100, it will not be displayed in the conversation table. This is exactly why the discrepancy occurs.
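The mapping rule and the drill-down discrepancy described above can be reproduced with a small model. This is an added example, not NetFlow Analyzer code: the port table, the flows, the function names and the protocol-prefixed form of the ‘_App’ label are assumptions, and each flow is treated as one unique conversation.

```python
from collections import Counter

# Constructed port/protocol table for illustration; not the product's database.
APP_MAP = {(443, "TCP"): "HTTPS", (22, "TCP"): "SSH", (53, "UDP"): "DNS"}

# Constructed flows: (src_ip, dst_ip, src_port, dst_port, protocol, bytes)
FLOWS = [
    ("192.168.90.12", "172.16.100.19", 88, 443, "TCP", 5000),
    ("192.168.90.13", "172.16.100.19", 51000, 443, "TCP", 900),
    ("192.168.90.14", "10.0.0.5", 40000, 53, "UDP", 300),
    ("192.168.90.15", "10.0.0.9", 50000, 8443, "TCP", 7000),
    ("192.168.90.16", "10.0.0.7", 22, 443, "TCP", 100),
]

def map_application(src_port, dst_port, protocol, app_map=APP_MAP):
    """Try the lower port first, then the higher one, whichever side it is on."""
    for port in sorted((src_port, dst_port)):
        app = app_map.get((port, protocol))
        if app is not None:
            return app
    # Neither port is mapped: protocol-based fallback (label format assumed).
    return f"{protocol}_App"

def application_totals(flows):
    """Bytes per application over every flow (the Application tab's view)."""
    totals = Counter()
    for _src, _dst, sport, dport, proto, nbytes in flows:
        totals[map_application(sport, dport, proto)] += nbytes
    return totals

def drill_down_total(flows, app, top_n=100):
    """Bytes for `app` when only the top_n largest conversations are stored."""
    stored = sorted(flows, key=lambda f: f[5], reverse=True)[:top_n]
    return sum(f[5] for f in stored if map_application(f[2], f[3], f[4]) == app)

if __name__ == "__main__":
    totals = application_totals(FLOWS)
    for app, nbytes in totals.most_common():
        shown = drill_down_total(FLOWS, app, top_n=2)
        print(f"{app:8} total={nbytes:5} drill-down={shown:5}")
```

The constructed flow with ports 22 and 443 is labelled SSH because the lower port wins, so a port-based application name should be read as a hint about the traffic rather than proof of what it carries.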

Hope this helps.

Arun Karthik Asokan

NetFlow Analyzer Technical Team
