How do I define a Src Port range in the IP :: Flows report?

  • Question
  • Updated 6 years ago
  • Answered
Is there a way to report on all traffic on ports less than 1024?

Declan McDonald


Posted 6 years ago


Aisling Brennan, Official Rep

In the example above, you can filter the IP Flows by Src Port to report down to the information you want to see.

1. Select the IP Flows report
2. From the “More Actions” menu select Save Report.

Your new report will now appear in the custom report section.

3. From the "More Actions" menu select Edit and insert the syntax '& sport < 1024' as shown below:

Query ip [senid#Sensor#sensor], [proto#Protocol#protocol], [src#Source IP#subnet], [dst#Destination IP#subnet], [sport#Src Port#port], [dport#Dest Port#port], [dport#App#port], [sent#Sent#bytecnt], [rcvd#Rcvd#bytecnt], [tos#TOS#tos], [start#Start#date], [end#End#date], [sum(sent,rcvd)#Total#bytecnt], sort=-12 where {end#t#Time#date#} & {senid#senid#Sensor#sensor#} & {src#src#Source IP/Subnet#subnet#} & {dst#dst#Destination IP/Subnet#subnet#} & {src,dst#ip#Client or Server#subnetdl#} & {proto#proto#IP Protocol#protocol#} & {sport#sport#Src Port#port} & sport < 1024 & {dport#dport#Destination Port#service#} & {tos#tos#TOS#tos#}