These settings allow you to map your custom applications, DSCP or sites w.r.t its IP addresses. This setting will help you to show the particular traffic consumed by the mapped application or DSCP or site.
You can only view the created Mapping in the NetFlow Analyzer Collector UI. All addition and modification of Application, DSCP and Top sites mapping can be done only from the Central UI.
Setting | Description |
Application Mapping | Add a application in NetFlow Analyzer to view its traffic consumption |
DSCP Mapping | Add a DSCP code point in NetFlow Analyzer to view defined QoS traffic |
Top Sites | Add a site in NetFlow Analyzer to view its traffic consumption |
Services | Create a custom service in NetFlow Analyzer based on IP address, Port and Protocol |
The Application Mapping option lets you configure the applications identified by NetFlow Analyzer. You can add new applications, modify existing ones, or delete them. Please see the Additional Notes on Application Mapping section to understand this feature more clearly. Also it is possible to associate an IP address with an application.
Refer the page below:
Ensure that the combination of port number and protocol is unique. If not, the older application mapping will be deleted. |
Refer the page below:
Refer the page below:
Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record. These values are matched with the list of applications in the Application Mapping.
The check is done first with the smaller of the 2 ports (source port / destination port), and if no match is found the bigger of the 2 ports is mapped
Application mappings created with specific IP address / IP Range / IP Network is given higher priority over applications mappings with no IP address. For example assume you have 2 application mappings as below:
Port | Protocol | IP Address / IP Range | Application |
80 | TCP | 10.10.1.0( 255.255.255.0) | APP1 |
80 | TCP | Any | APP2 |
If a flow is received with source address 10.10.10.10 and Port as TCP-80 then it is classified as APP1. Only TCP-80 flows from non-10.10.10.0 network will be classified as APP2.
Application mappings created with a single port is given higher priority over applications mappings with port range. For example, assume you have application mappings as below:
Port | Protocol | IP Address / IP Range | Application |
80 | TCP | any | APP1 |
70 - to - 90 | TCP | any | APP2 |
If a flow is received with Port as TCP-80 then it is classified as APP1.
Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record.
The smallest of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list
If no match is found, the biggest of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list.
If no match is found, the smaller of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.
If no match is found, the biggest of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.
If no match is found, the application is categorized as protocol_App (as in TCP_App or UDP_App)
In case the protocol is not available in the application mapping list, the application is categorized as Unknown_App
The sequence in which the mappings are checked is as follows:
1. Application mapping with specific IP address / IP Range / IP Network is matched.
2. Application mapping with no IP address and single port number / port range.
The DiffServ model for DSCP Mapping was developed to differentiate IP traffic so that the traffic's relative priority could be determined on a per-hop basis. Using DSCP Mapping you can name the DiffServ code points and monitor their traffic in troubleshooting reports under the DSCP tab. Note that the DSCP reports can be viewed on the Troubleshooting page by clicking on the DSCP tab.
Refer the page below:
It is not possible to edit a DSCP mapping, however you can delete the old mapping and add it as new DSCP mapping.
|
Refer the page below:
The Top Sites report displays the applications contributing to the maximum network traffic.The top sites option maps application to the resolved DNS names. Expanding the applications displays name of the website (if the DNS is resolved) and names of top 10 machines in your network (if the DNS is resolved) connecting to that website. It will also give the contribution of traffic in terms of upload & download volume (and % of total traffic) from each IP address to the particular site through that application.
Using the Mappings option you can now Add, Modify or Delete the pre-defined IP addresses and its corresponding application/site.
Refer the page below:
https://www.manageengine.com/products/netflow/help/how-to-add-delete-a-site-map.html#addsitemap
Refer the page below:
https://www.manageengine.com/products/netflow/help/how-to-add-delete-a-site-map.html#deletesitemap
Refer the page below:
https://www.manageengine.com/products/netflow/help/how-to-add-delete-a-site-map.html#edittopsite
Service mapping allows you to add custom services using IP, port and protocol details and monitor the status of services running in your network.
Refer the page below:
https://www.manageengine.com/products/netflow/help/how-to-add-a-service.html#addservicemap