Germany
Japan
Korea
UK
United States
|
|
How to Extract Uncommon or Nonstandard Network FlowsJim Thor – WildPackets Professional Services
The purpose of this tip is to show you how to find and extract the network flows that use uncommon or nonstandard ports. This is necessary because in today's networks we often run applications on non-standard or uncommon ports. The issue that can arise from this is that OmniPeek will not know how to define the traffic, and will usually classify it all at the next lower protocol layer, usually TCP or UDP. As an example, you may be running HTTP on various ports. For the traffic on port 80 (standard), it will be defined by OmniPeek as HTTP. For the HTTP traffic on other non-standard ports, it will generally be classified as TCP. This tip will show you how to separate the traffic, so that you can take the next step if necessary, customizing OmniPeek so that those flows show up as specifically defined traffic. This tip will not cover customizing OmniPeek, but you can find a video about that on your MyPeek page. The simple steps below will walk you through doing this, slowly. It is possible to do this in fewer steps, but you need to know where to start first; then you can take shortcuts as you find necessary. We will be focusing on TCP in this example. 
The first step is to 'Select Related' by the protocol (here TCP) and then 'Hide Unselected Packets' as you see below. 
Once you have completed that, you will see that just the TCP traffic is left. 
The next step is to highlight all the known traffic, and do a 'Select Related' by it. But this time you will 'Hide the Selected Packets'. 
You now have just the TCP traffic that was running on those un-common or non-standard ports. 
To get the flow information on this traffic now we will go to our Expert views, either Application or Flat depending on what you want to see. On the left side you see the 'Application Expert' which shows us the ports in use, and how many flows each port had. You can sort by the Name column (as shown here) or by the 'Flows' column to see the busiest ports. You could also use the 'Flat Expert' to see the individual flows and again sort according to what you are most interested in, generally the 'Server Port', but Server Address also has its benefits. 
Now that you know the flows, you can take the next step and customize OmniPeek to identify this traffic specifically to fit your needs. It only takes a few moments to do this, and you will benefit greatly from it forever. Did you notice the custom protocols in the screen shots above? |
Lawful Intercept
Deploying & Testing Applications
Distributed Networks
Network Baselining
Network Forensics
Network Performance Analysis
- NetFlow
Network Performance Management
Network Security
Network Troubleshooting
Product Development Support
VoIP Monitoring and Analysis
Video Monitoring and Analysis
Wireless Network Analysis
10 Gigabit Networks
Industry Specific Solutions
OmniFlow Collector
NetFlow Collector
sFlow Collector
OmniPeek Network Analyzer
Compass Live
OmniEngine Software Probe
OmniVirtual VMware Probe
TimeLine Network Recorder
Omnipliance Network Recorder
OmniAdapter Analysis Cards
Omnipliance Portable
Product Activation FAQs
Maintenance Programs
Product Versions
Contact Tech Support
Downloads
Training / Courses
Consulting
Custom Engineering
WildPackets Forums
MyPeek Community Portal
Information Kits
Video How-To's
Product Tips and Tricks
Networking Glossary
Networking Links
Free Utilities
Media Coverage
Media Kit
Blog
Peeks Newsletter
Success Stories
Reviews & Awards
Upcoming Events
Webinars & Webcasts
Software Upgrades
Hardware
Training
Maintenance Renewal
Per Incident Support
Sales Policies
Contact Sales
