Why are there so few channels built into the NetFlow sensor? This results in much of the traffic being cataloged as other, and makes it hard to find out bandwidth utilization. Has anyone made a more complete channel definition list they can share that contains more commonly used TCP ports for a Windows, Cisco, VMware centric IT environment?
I see that you can save the other stream to disk and then parse the results to find out the traffic with source/dest IPs and ports, but this seems rather painstaking.
Anyone have anything custom that we can copy/paste?
Article Comments
Is it possible to have a listing of the default channel groups that are standard with a vanilla Netflow Sensor so I can use that as a jumping-off point for creating a custom Netflow sensor with new channel definitions?
I see that they are:
1. NetBIOS
2. WWW
3. Mail
4. Infrastructure
5. Remote Control
6. FTP/P2P
I imagine it would be something like:
- 1001:NETBIOS ((Protocol[TCP] OR Protocol[UDP]) AND (DestinationPort[137-139] OR SourcePort[137-139]))
- 1002:WWW Protocol[TCP] and ( SourcePort[80] or DestinationPort[80] or SourcePort[8080] or DestinationPort[8080] or SourcePort[443] or DestinationPort[443] )
Can you verify this? Thanks!
Mar, 2011 - Permalink
The "default channel groups" from a "standard Netflow" sensor are all listed in the already mentioned article: https://helpdesk.paessler.com/en/support/solutions/articles/76000063664-can-i-add-custom-channels-to-standard-packet-sniffer-and-netflow-sensors
Mar, 2011 - Permalink
Hello,
You can create a custom Netflow Sensor and then add channels yourself.
Please take a look at
https://www.paessler.com/knowledgebase/en/topic/2143-can-i-add-custom-channels-to-standard-packet-sniffer-and-netflow-sensors
A list of port definitions can be found online,
e.g. http://www.iana.org/assignments/port-numbers
Mar, 2011 - Permalink