Classifying Traffic by Port Number

You can help identify traffic that is considered unclassified by associating source and destination ports (or both) with a protocol or application by way of the NTA Applications Library. Network Traffic Analyzer considers network traffic to be "unclassified" when both source and destination ports are either outside the well-known port range or not classified in the Application Library.

To edit a port to application relationship:

Open the NTA Applications Library (SETTINGS menu > Network Traffic Analyzer > NTA Applications).
The NTA Applications Library dialog displays.
Click a value in a table cell and type in a new value or click the Add button to map additional ports to the current protocol.
Click Save.
Check report data such as the Top n Applications or Top n Conversations report for the mapping you applied. Conversely, these mappings should remove them from the Unclassified Traffic report.

To add a port mapping:

Open the NTA Applications Library (Settings > Network Traffic Analyzer > NTA Applications).
The NTA Applications Library dialog displays.
Click Add.
- Application. Type in a name/label you want to associate with the port. Example: Apache Tomcat.
- Port or Range. Add a port or range. Example: 8088
- TCP/UDP/SCTP/DCCP. Expected transport protocol (select one). Example: TCP
- Subnets. Add subnet IPs if you want these rules to apply only to certain network segments.
Add more ports and clilck Save, or just click Save.
Check report data such as the Top n Applications or Top n Conversations report for the mapping you applied. Conversely, these mappings should remove them from the Unclassified Traffic report.