Specifications

© 2006 Cisco Systems, Inc.
All rights reserved.
Scenarios 3-28
NAM / Traffic Analyzer v3.5 Tutorial
Scenario 2
Top Hosts
Monitor > Hosts > Network Hosts
Host Drill Down
Select Host for Capture
Use data capture to determine what the
“tcp-unknown” traffic is.
Traffic Analyzer can automatically discover
up to 100 unknown protocols. The
protocols are displayed according to the
parent protocol and port (e.g., tcp-4429).
Top Hosts
Knowing some of the clients and servers responsible for the proprietary application, Dean decides to view a
Host report to see what their behavior is, and then launch a Quick Capture to help him find and classify the
proprietary traffic.
Step 1. Click Monitor > Hosts > Network Hosts. The Network Hosts report is displayed. Make sure
that the Data Source for the displayed information is the Internal NM-NAM interface by selecting
Internal from the Data Sources pull-down list.
Step 2. Dean locates one of the servers and clicks on its name to drill down into its behavior. The Hosts
Drill Down report displays all protocols in use by this host and the conversations for each
protocol. Dean notes that some traffic by this host is classified as “tcp-unknown” traffic, which is in all
likelihood the proprietary traffic he wishes to classify.
Step 3. Returning to the Network Hosts report, Dean selects the host, and clicks Capture to begin
capturing packets to and from this host.
Note: The capture begins immediately if buffer space is available and the decode screen is displayed.
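
An added example, not part of the Cisco tutorial: a Python sketch of the naming scheme described above, in which conversations on unclassified ports are labelled parent-port (as in tcp-4429) so the largest unknown talkers stand out as capture candidates. The conversation tuples, the known-port table, and the behaviour once the 100-protocol limit is reached are assumptions made for illustration, not NAM's implementation.

```python
from collections import Counter

# Constructed sample: (parent protocol, client port, server port, bytes).
# Port 4429 is the page's example; all other values are invented.
SAMPLE_CONVERSATIONS = [
    ("tcp", 51514, 80, 12000),
    ("tcp", 51520, 4429, 88000),
    ("tcp", 51533, 4429, 41000),
    ("udp", 40000, 53, 300),
    ("tcp", 51600, 9100, 500),
]

# Assumption: a small table of already-classified ports
# (a stand-in, not NAM's protocol directory).
KNOWN_PORTS = {("tcp", 80): "http", ("udp", 53): "dns"}
MAX_DISCOVERED = 100  # the page states up to 100 unknown protocols


def classify(conversations, known=KNOWN_PORTS, limit=MAX_DISCOVERED):
    """Return bytes per label, naming unknown ports '<parent>-<port>'."""
    discovered = {}  # (parent, port) -> label, in order of first sight
    totals = Counter()
    for parent, _client_port, server_port, nbytes in conversations:
        key = (parent, server_port)
        if key in known:
            label = known[key]
        elif key in discovered:
            label = discovered[key]
        elif len(discovered) < limit:
            label = discovered[key] = f"{parent}-{server_port}"
        else:
            # Assumption: past the limit, traffic stays in the catch-all.
            label = f"{parent}-unknown"
        totals[label] += nbytes
    return totals


def top_unknown(conversations, known=KNOWN_PORTS, limit=MAX_DISCOVERED):
    """Labels that still need a real name, largest byte count first."""
    totals = classify(conversations, known, limit)
    named = set(known.values())
    return [(lbl, n) for lbl, n in totals.most_common() if lbl not in named]


if __name__ == "__main__":
    for label, nbytes in top_unknown(SAMPLE_CONVERSATIONS):
        print(f"{label:12} {nbytes} bytes")
```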