
Unclassified traffic...what can I do

So, the Daily Executive Report has a fair amount of "unclassified" traffic. Is there anything I could do to determine what this traffic is without staring at the log all day? What documentation, if any, would allow me to understand this better? The utm9351 admin manual? I'm still looking through it.

Any information or suggestions would be helpful, even if I am perhaps just being too OCD. I accept that. However, I would like to know, since the percentage is high enough to want to know what is happening and what type of traffic it is.



This thread was automatically locked due to age.
  • Classified apps are based on various parameters, usually unique port(s) used by a particular service or a list of known servers that are utilized. If the UTM doesn't have those definition parameters, because the app uses dynamic/non-unique ports or is constantly changing servers, the app shows as unclassified. Hit the various reports under logging and reporting to find the port(s) used, the remote server address, and the address of your client machine. You can then use a combination of your knowledge of what's installed on your client machine, the data in the reports and logs on the UTM, Google searches, and whois lookups/nslookups to possibly track things down one by one.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
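
An added example (not part of the original reply, and not Sophos code) of the triage described above: it reduces exported log lines to a ranked list of client, remote server and port, and shows which clients spread across many servers and ports. The key="value" field names and the sample lines are assumptions constructed for illustration; match them to your own log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an assumed key="value" layout. The field names
# (srcip, dstip, proto, dstport) are assumptions; match them to your own log.
SAMPLE_LOG = """\
10:15:01 gw fw: action="accept" srcip="192.168.1.23" dstip="203.0.113.10" proto="17" dstport="40123"
10:15:02 gw fw: action="accept" srcip="192.168.1.23" dstip="203.0.113.10" proto="17" dstport="40123"
10:15:03 gw fw: action="accept" srcip="192.168.1.23" dstip="198.51.100.7" proto="17" dstport="51044"
10:15:04 gw fw: action="accept" srcip="192.168.1.23" dstip="198.51.100.99" proto="17" dstport="33871"
10:15:05 gw fw: action="accept" srcip="192.168.1.40" dstip="203.0.113.55" proto="6" dstport="8443"
10:15:06 gw fw: action="accept" srcip="192.168.1.40" dstip="203.0.113.55" proto="6" dstport="8443"
10:15:07 gw fw: action="accept" srcip="192.168.1.40" dstip="203.0.113.55" proto="6" dstport="8443"
10:15:09 gw system: configuration reloaded
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "tcp", "17": "udp"}
REQUIRED = {"srcip", "dstip", "proto", "dstport"}

def flows(lines):
    """Yield (client, server, protocol, port) for each connection record."""
    for line in lines:
        rec = dict(FIELD.findall(line))
        if REQUIRED.issubset(rec):  # skip lines that are not connections
            yield (rec["srcip"], rec["dstip"],
                   PROTO.get(rec["proto"], rec["proto"]), rec["dstport"])

def top_flows(lines, n=10):
    """Most frequent flows: the short list to research one by one."""
    return Counter(flows(lines)).most_common(n)

def client_spread(lines):
    """Per client: (distinct servers, distinct ports). High counts suggest an
    app with dynamic ports or rotating servers, which classification by
    port or server list cannot pin down."""
    servers, ports = defaultdict(set), defaultdict(set)
    for client, server, proto, port in flows(lines):
        servers[client].add(server)
        ports[client].add((proto, port))
    return {c: (len(servers[c]), len(ports[c])) for c in servers}

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for flow, count in top_flows(log):
        print(count, *flow)
    for client, (n_srv, n_ports) in client_spread(log).items():
        print(client, "servers:", n_srv, "ports:", n_ports)
```

The remote addresses at the top of the list are the ones to feed into whois and nslookup.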