One of the critical operations performed by the Entuity Integrated Flow Analyzer is the removal of ephemeral port records from the database. When a connection is made from a client to a server, the TCP/UDP port on the server end of the connection determines the application in use. The port number allocated to the client end of the connection is referred to as an ephemeral port and has no meaning. Entuity determines which end of a connection is the server end so that its port number can be used to identify the application:
- ports above 1024 are considered as having the highest priority, regardless of whether the other port has an Entuity application port mapping. Ports below 1024 are reserved port numbers, and so only one port (either the source or the destination port) should be in the range.
- where both ports are greater than 1023, or (more unlikely) both are below 1024, Entuity determines which port to use as the server port by using its port mapping priority configuration.
Entuity identifies application data within the flow data by mapping TCP and UDP port numbers to application names. As an application may use multiple port numbers, you can map multiple ports to an application name. When a port-protocol combination is mapped to two applications, Entuity resolves this conflict by using the application with the highest mapping priority.
Entuity automatically maps protocols other than TCP and UDP to the protocol name. This mapping takes the most generic name, for example all ICMP traffic maps to ICMP and not to ICMP type, ICMP code. Entuity includes a list of the mappings which you can amend and add to.
Application Port page enables you to identify application data within flow data. Entuity does this by mapping TCP and UDP port numbers to application names.
To access the Application Port page:
- In the Main Menu, click Administration.
- Click Application Port. This opens the Application Port page.
- The table on this page shows you the application port mappings. You can reorder the information by clicking on the column headings. You can resize the columns by dragging the column dividers left or right.
- If you want the table to display one entry per application port mapping, tick the consolidate port mappings box. If this box is left unticked, an application with multiple ports will have an entry for each port.
- If you do not want the table to display reserved port mappings, tick the hide reserved port mappings box. If this box is left unticked, reserved port mappings will be displayed in the table.
|Column Name||Column Description|
|Priority||the priority of the mapping. The lower the number, the higher the priority.|
|Application Name||the name of the mapped application.|
|Port(s)||the ports associated with this application.|
|Enabled||indicates whether the mapping is active or inactive.|
Note, after making any changes on the Application Port Mappings page, you must click Save at the bottom of the browser before navigating away from the page.
To add an application port mapping:
- Click Add in the bottom left of the browser to open the Add Application Port Mapping window.
- Enter the display name for the application port mapping in the Application Name field. Note, once created, this cannot be edited.
- Add ports via Add, which opens the Add Port window. To remove a port, select the port you want to remove and click Remove.
- Set the priority level of the mapping in the Priority field. Entuity prevents you from assigning a priority level that is already assigned to another mapping.
- Click OK to save, and the application port mapping will be immediately added to the table. Otherwise, click Cancel.
To edit an application port mapping:
- Select the application port mapping you would like to edit, and click Edit in the bottom left of the browser.
- This will open the Edit Application Port Mapping window. Here you edit the existing application mapping by adding and removing ports, and changing the priority level. When you have made your desired changes, click OK to save. The changes will be immediately applied. Click Cancel to cancel changes.
To delete an application port mapping:
- Select the application port mapping you would like to delete, and click Delete in the bottom left of the browser.
- A deletion confirmation window will open. Click OK to delete or Cancel to cancel.
To enable or disable an application port mapping:
- Select the application port mapping you would like to enable or disable.
- Click Enable or Disable in the bottom left of the browser.