Protocol, Source port, Dest port – Fluke Computer Accessories User Manual

Page 33: Src/dest port, Source application, Dest application, Src/dest application, Recognised application, Identified application, User’s guide – version 3.5 netflow tracker 33

User’s Guide – version 3.5

NetFlow Tracker

Protocol

You can restrict the set of IP protocols considered. For example, you may want to
consider only UDP or ICMP traffic while investigating a denial-of-service attack.

Source port

The source port filter restricts the source application port number; it should be used in
conjunction with the protocol filter.

Dest port

This restricts the destination application port number.

Src/dest port

This filter will consider traffic with the given port number as either the source or
destination.

Source application

The source application filter restricts the IP protocol and source application port
number. You can enter a port number and protocol manually or you can select from
those configured in the IP Application Names settings page.

Dest application

This restricts the protocol and destination application port, selectable by name.

Src/dest application

This filter considers traffic using the given application as either the source or
destination.

Recognised application

This filter selects traffic with the given source or destination application. Whether the
source or destination application is considered depends on which of them has a name
defined in the IP Application Names settings page or, if both or neither have names,
which has the lower port number.

Identified application

This filter selects traffic with the given identified application. In order for applications to
be identified, the NetFlow device must support the functionality and its identified
application mapping must be configured in Device Settings.

ToS

You can report only on traffic bearing any one of a set of type-of-service byte values.
You build the ToS byte value by picking the priority and the minimise delay (D), maximise
throughput (T), maximise reliability (R) and minimise monetary cost (M) flags. If you
leave the priority or any of the flags empty then only the fields you supplied a value for
are considered. Thus you can match traffic of a given priority with any flags, or with
particular flags set or unset but any priority and any values for the other flags.
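
The matching rule described above can be expressed as a mask and a value per filter entry. The following Python sketch is an added example, not NetFlow Tracker's own code; it assumes the standard IPv4 ToS byte layout (priority in the top three bits, then D, T, R, M), and the function names and sample bytes are hypothetical.

```python
from typing import Optional

# Assumed layout of the IPv4 type-of-service byte (RFC 791 / RFC 1349).
PRECEDENCE_MASK = 0xE0  # top three bits: priority 0-7
FLAG_BITS = {"D": 0x10, "T": 0x08, "R": 0x04, "M": 0x02}


def build_tos_filter(priority: Optional[int] = None, **flags: Optional[bool]):
    """Return (mask, value) for one ToS filter entry (hypothetical helper).

    A field left as None is "empty": its bits stay out of the mask,
    so any value is accepted for that field.
    """
    mask = value = 0
    if priority is not None:
        if not 0 <= priority <= 7:
            raise ValueError("priority must be 0-7")
        mask |= PRECEDENCE_MASK
        value |= priority << 5
    for name, wanted in flags.items():
        if name not in FLAG_BITS:
            raise ValueError(f"unknown flag {name!r}")
        if wanted is None:
            continue  # flag left empty: not considered
        mask |= FLAG_BITS[name]
        if wanted:
            value |= FLAG_BITS[name]  # flag must be set; otherwise must be unset
    return mask, value


def tos_matches(tos: int, filters) -> bool:
    """True if the ToS byte satisfies any one of the (mask, value) entries."""
    return any((tos & mask) == value for mask, value in filters)


# Constructed sample ToS bytes, as they might appear in flow records.
SAMPLE_TOS = [0x00, 0x10, 0xB8, 0xA0, 0xA8, 0x08]

# Priority 5 with any flags, OR D set and T unset at any priority.
FILTERS = [build_tos_filter(priority=5), build_tos_filter(D=True, T=False)]


def selected(sample=SAMPLE_TOS, filters=FILTERS):
    """Return the sample ToS bytes that the filter set would report on."""
    return [tos for tos in sample if tos_matches(tos, filters)]


if __name__ == "__main__":
    print([f"0x{tos:02X}" for tos in selected()])
```

An entry with every field left empty produces a zero mask and therefore matches every ToS byte.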
