Help
These settings allow you to map your custom applications, DSCP or sites w.r.t its IP addresses. This setting will help you to show the particular traffic consumed by the mapped application or DSCP or site.
You can only view the created Mapping in the NetFlow Analyzer Collector UI. All addition and modification of Application, DSCP, Services, AS view and Cloud Services mapping can be done only from the Central UI.
| Setting | Description |
| Application Mapping | Add a application in NetFlow Analyzer to view its traffic consumption |
| DSCP Mapping | Add a DSCP code point in NetFlow Analyzer to view defined QoS traffic |
| Cloud Services | Add a site in NetFlow Analyzer to look at the unknown services and links being accessed by your users |
| Services | Create a custom service in NetFlow Analyzer based on IP address, Port and Protocol |
The Application Mapping option lets you configure the applications identified by NetFlow Analyzer. You can add new applications, modify existing ones, or delete them. Please see the Additional Notes on Application Mapping section to understand this feature more clearly. Also it is possible to associate an IP address with an application.
Refer the page below:
 |
Ensure that the combination of port number and protocol is unique. If not, the older application mapping will be deleted. |
Refer the page below:
Refer the page below:
Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record. These values are matched with the list of applications in the Application Mapping.
The check is done first with the smaller of the 2 ports (source port / destination port), and if no match is found the bigger of the 2 ports is mapped
Application mappings created with specific IP address / IP Range / IP Network is given higher priority over applications mappings with no IP address. For example assume you have 2 application mappings as below:
| Port | Protocol | IP Address / IP Range | Application |
| 80 | TCP | 10.10.1.0( 255.255.255.0) | APP1 |
| 80 | TCP | Any | APP2 |
If a flow is received with source address 10.10.10.10 and Port as TCP-80 then it is classified as APP1. Only TCP-80 flows from non-10.10.10.0 network will be classified as APP2.
Application mappings created with a single port is given higher priority over applications mappings with port range. For example, assume you have application mappings as below:
| Port | Protocol | IP Address / IP Range | Application |
| 80 | TCP | any | APP1 |
| 70 - to - 90 | TCP | any | APP2 |
If a flow is received with Port as TCP-80 then it is classified as APP1.
Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record.
The smallest of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list
If no match is found, the biggest of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list.
If no match is found, the smaller of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.
If no match is found, the biggest of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.
If no match is found, the application is categorized as protocol_App (as in TCP_App or UDP_App)
In case the protocol is not available in the application mapping list, the application is categorized as Unknown_App
The sequence in which the mappings are checked is as follows:
1. Application mapping with specific IP address / IP Range / IP Network is matched.
2. Application mapping with no IP address and single port number / port range.
The DiffServ model for DSCP Mapping was developed to differentiate IP traffic so that the traffic's relative priority could be determined on a per-hop basis. Using DSCP Mapping you can name the DiffServ code points and monitor their traffic in troubleshooting reports under the DSCP tab. Note that the DSCP reports can be viewed on the Troubleshooting page by clicking on the DSCP tab.
Refer the page below:
 |
It is not possible to edit a DSCP mapping, however you can delete the old mapping and add it as new DSCP mapping.
|
Refer the page below:
Cloud Services mapping consists of a predefined list of domain names and their corresponding IP addresses, helping to resolve IP addresses. This predefined list of domain names and corresponding IP addresses will be updated every 24 hours provided with stable internet connection.
Refer the page below:
https://www.manageengine.com/products/netflow/help/how-to-map-cloud-services.html#mapcloudservice