Finisar Surveyor User Manual
Page 84
4-24
Surveyor
User’s Guide
How Surveyor Assigns Protocol Names
Surveyor explicitly monitors a predefined set of protocols/applications that use TCP
or UDP as their transport layer. However, some of the TCP or UCP ports monitored
are not given a well-known name. Also, some TCP and UDP ports are not explicitly
monitored, and information about these remaining protocols are collected as though
they were a single entity, one for TCP and one for UDP.
Surveyor monitors two port ranges, which are called Well Known Ports (WKP) and
non-Well Known Ports (non-WKP). In summary, there are four different ways TCP/
UDP ports are assigned names by Surveyor. They are:
•
WKP that have an assigned, default name (i.e. HTTP, DNS, FTP, …)
•
WKP that use a generic name (i.e. TCP WKP 29, UDP PORT 64, …)
•
Non-WKP that have been assigned a specific default name (i.e. NFS, LOTUS
NOTES, RADIUS, …)
•
Non-WKP that have not been assigned a name (TCP OTHER or UDP OTHER)
By changing the MONITOR.INI file, you can change names of generic names of
WKPs and assign names to non-WKPs that are not assigned names by default.
Monitoring Well-Known Ports
Surveyor monitors all protocols that fall in the WKP (Well Known Port) range,
ports with a value between 0 and 1023. If Surveyor detects a TCP or UDP with a
port in the WKP range, information will be maintained on that port (total bytes, total
packet, conversation, etc.).
Some of the ports have been assigned a name that is typically associated with the
port value. For example, TCP port 80 is assigned the name HTTP. This name is used
to represent that port when information about the port is displayed in the monitor
tables of Surveyor.
Other WKPs are not assigned a default name. If these ports are detected, their name
takes the generic form: “TCP WKP <port num>” or “UDP WKP: <port num>”
where <port num> is the WKP value. For example, the TCP port 29 is not assigned
a default name so if this port is detected the name used to represent the port would
be: “TCP WKP 29”.